MITRE ATT&CK
MITRE_ATTCK
Details
Author | Energy SOAR |
Version | 1.0 |
License | AGPL-V3 |
Requires Registration | No |
Requires Subscription | No |
Free Subscription Available | Yes |
DataType Supported | other, hash, ip, domain, url, filename |
Service Homepage |
Description
Use MITRE ATT&CK as a knowledge source for tactic, technique and procedure enrichment in Energy SOAR investigations. The analyzer can be used to map observed activity to ATT&CK tactics and techniques, enrich incident context and support analyst triage with standardized adversary behavior references.
Configuration
Name | Description |
base_url | MITRE ATT&CK or ATT&CK knowledge source URL |
include_tactics | Include tactic mappings in the result |
include_software | Include related software and group references |
include_mitigations | Include mitigation references where available |
Additional details
Typical use cases include:
mapping suspicious behaviors to ATT&CK techniques
enriching detections with tactic and technique references
correlating observed events with known adversary behavior patterns