MITRE ATT&CK
============

MITRE_ATTCK
-----------

.. rubric:: Details

=========================== ==========================================================
Author                      Energy SOAR
Version                     1.0
License                     AGPL-V3
Requires Registration       No
Requires Subscription       No
Free Subscription Available Yes
DataType Supported          other, hash, ip, domain, url, filename
Service Homepage            `MITRE ATT&CK `_
=========================== ==========================================================

.. rubric:: Description

Use MITRE ATT&CK as a knowledge source for tactic, technique and procedure enrichment in Energy SOAR investigations.

The analyzer can be used to map observed activity to ATT&CK tactics and techniques, enrich incident context and support analyst triage with standardized adversary behavior references.

.. rubric:: Configuration

=========================== ===========================================================
Name                        Description
=========================== ===========================================================
base_url                    MITRE ATT&CK or ATT&CK knowledge source URL
include_tactics             Include tactic mappings in the result
include_software            Include related software and group references
include_mitigations         Include mitigation references where available
=========================== ===========================================================

.. rubric:: Additional details

Typical use cases include:

* mapping suspicious behaviors to ATT&CK techniques
* enriching detections with tactic and technique references
* correlating observed events with known adversary behavior patterns
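The enrichment the configuration flags control, shown as an added example that is not the analyzer's own code. It assumes the knowledge source behind ``base_url`` serves ATT&CK in its STIX 2.x bundle shape (``attack-pattern`` objects with ``kill_chain_phases``, and ``uses`` / ``mitigates`` relationships); the bundle below is a constructed miniature, and the group, software and mitigation names are illustrative, not real ATT&CK entries.

```python
# Constructed miniature ATT&CK STIX bundle; the source at base_url is assumed to serve this shape.
BUNDLE = {"objects": [
    {"type": "attack-pattern", "id": "attack-pattern--ap1",
     "name": "Command and Scripting Interpreter",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group"},
    {"type": "malware", "id": "malware--s1", "name": "Example Software"},
    {"type": "course-of-action", "id": "course-of-action--m1", "name": "Example Mitigation"},
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--ap1"},
    {"type": "relationship", "relationship_type": "uses",
     "source_ref": "malware--s1", "target_ref": "attack-pattern--ap1"},
    {"type": "relationship", "relationship_type": "mitigates",
     "source_ref": "course-of-action--m1", "target_ref": "attack-pattern--ap1"},
]}

def find_technique(bundle, technique_id):
    """Return the attack-pattern object carrying the given ATT&CK ID (e.g. T1059)."""
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        for ref in obj.get("external_references", []):
            if ref.get("source_name") == "mitre-attack" and ref.get("external_id") == technique_id:
                return obj
    return None

def enrich(technique_id, bundle=BUNDLE, include_tactics=True,
           include_software=True, include_mitigations=True):
    """Build the enrichment record for one technique, honouring the include_* flags."""
    ap = find_technique(bundle, technique_id)
    if ap is None:
        return None  # unknown technique: nothing to enrich with
    by_id = {o["id"]: o for o in bundle["objects"] if "id" in o}
    result = {"technique_id": technique_id, "technique": ap["name"]}
    if include_tactics:
        result["tactics"] = [p["phase_name"] for p in ap.get("kill_chain_phases", [])
                             if p["kill_chain_name"] == "mitre-attack"]
    # Relationships pointing at this technique: "uses" from groups/software, "mitigates" from mitigations.
    rels = [o for o in bundle["objects"]
            if o.get("type") == "relationship" and o.get("target_ref") == ap["id"]]
    if include_software:
        result["groups"] = [by_id[r["source_ref"]]["name"] for r in rels
                            if r["relationship_type"] == "uses"
                            and by_id[r["source_ref"]]["type"] == "intrusion-set"]
        result["software"] = [by_id[r["source_ref"]]["name"] for r in rels
                              if r["relationship_type"] == "uses"
                              and by_id[r["source_ref"]]["type"] in ("malware", "tool")]
    if include_mitigations:
        result["mitigations"] = [by_id[r["source_ref"]]["name"] for r in rels
                                 if r["relationship_type"] == "mitigates"]
    return result
```

Against a full ATT&CK bundle the same walk yields every group, software and mitigation linked to a technique, which is the context an analyst sees attached to the observable.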