About MITRE ATT&CK Tactics and Techniques
NetWitness allows you to tag an application rule with MITRE ATT&CK Tactics and Techniques. The MITRE ATT&CK framework provides insight into the tactics, techniques, or sub-techniques used by advanced attackers or advanced persistent threats (APTs). NetWitness uses the MITRE ATT&CK framework to detect and analyze different types of threats.
When you tag an application rule with MITRE ATT&CK Tactics and Techniques, analysts can look into the various techniques and tactics associated with the incidents, alerts, and events.
You do not have to search the MITRE pages to understand techniques or tactics and learn about their implications. You can view all the MITRE details in the ATT&CK Explorer. The additional details about MITRE ATT&CK Tactics and Techniques help you to understand how an attack or event is detected in your NetWitness system and then make informed decisions.
NetWitness Platform enables analysts to conduct further analysis with levels of granularity in techniques.
The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior. It reflects the various phases of an adversary's attack lifecycle and the platforms they are known to target.
For more information on the MITRE ATT&CK framework, go to https://attack.mitre.org/resources/faq/
For more information, see the “Use MITRE ATT&CK Framework” chapter in the NetWitness Respond User Guide for 12.4.
View MITRE ATT&CK Tactics and Techniques in Application and ESA rules
NetWitness allows you to tag application rules and ESA rules with MITRE ATT&CK Tactics and Techniques. When you tag MITRE ATT&CK Tactics and Techniques, you can view the details of the tactics and techniques used by advanced attackers or advanced persistent threats (APTs). You do not have to search the MITRE pages to understand techniques or tactics and learn about their implications. You can view all the MITRE details in the ATT&CK Explorer. The additional details about MITRE ATT&CK Tactics and Techniques help you to understand how an attack or event is detected in your NetWitness system and then make informed decisions.
Both MITRE ATT&CK® and ATT&CK® are registered trademarks of the MITRE Corporation. © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
To view MITRE ATT&CK Tactics and Techniques in application and ESA rules
- Go to (CONFIGURE) > Policies.
- In the Policies panel, click the Content tab.
- Click APPLICATION RULE. The Application Rules are listed.
- Click the rule whose MITRE ATT&CK Tactics and Techniques you want to view. The rule panel appears on the left side.
- In the left panel, scroll down and view the MITRE ATT&CK TACTICS and TECHNIQUES categories.
- Click an entry under MITRE ATT&CK TACTICS or TECHNIQUES. The ATT&CK Explorer panel appears with details on tactics and techniques.

You can view the following details:
For more information, see the “Use MITRE ATT&CK Framework” chapter in the NetWitness Respond User Guide for 12.4.