1 - ATT&CK Matrix
NetWitness Threat Content is modeled using the MITRE ATT&CK Matrix for Enterprise.
Each entry should look something like this:

| Technique | Tactic | Data Sources |
|---|---|---|
| T1234 Drive-by | Initial Access | Network, Endpoint |
Things I need:
- Bundles created for each technique (can roll up sub-techniques)
- Ability to subscribe to bundles (feature)
- Add data source mapping (Log, Network, Endpoint) to JSON
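As an added example (not NetWitness code and not part of the original page), here is a Python sketch of the roll-up the list above asks for: constructed sample content records, with T1234 as the page's placeholder technique ID and every other value made up, are grouped into one bundle per technique, sub-techniques fold into their parent, and data sources are unioned and checked against the Log/Network/Endpoint mapping before the bundle JSON is emitted.

```python
import json

# The three data sources the page wants mapped onto each bundle.
DATA_SOURCES = {"Log", "Network", "Endpoint"}

# Constructed sample content records standing in for NetWitness Threat Content
# items. T1234 is the page's placeholder technique ID; everything else here is
# made up for this example and is not real ATT&CK or NetWitness data.
SAMPLE_CONTENT = json.dumps([
    {"name": "drive_by_redirect", "technique": "T1234",
     "tactic": "Initial Access", "data_sources": ["Network"]},
    {"name": "drive_by_script", "technique": "T1234.001",
     "tactic": "Initial Access", "data_sources": ["Endpoint"]},
    {"name": "rogue_service", "technique": "T5678",
     "tactic": "Persistence", "data_sources": ["Log", "Endpoint"]},
])

def parent_technique(technique_id):
    """Technique a sub-technique rolls up to: T1234.001 -> T1234."""
    return technique_id.split(".", 1)[0]

def build_bundles(content_json):
    """One bundle per technique, sub-techniques rolled in, data sources unioned.

    A data source outside DATA_SOURCES raises ValueError, so a bad record is
    caught when the bundle JSON is built, not when someone subscribes to it.
    """
    bundles = {}
    for item in json.loads(content_json):
        unknown = set(item["data_sources"]) - DATA_SOURCES
        if unknown:
            raise ValueError(f"{item['name']}: unmapped data source(s) {sorted(unknown)}")
        tid = parent_technique(item["technique"])
        bundle = bundles.setdefault(tid, {
            "technique": tid, "tactics": set(), "sub_techniques": set(),
            "content": [], "data_sources": set()})
        bundle["tactics"].add(item["tactic"])
        if item["technique"] != tid:
            bundle["sub_techniques"].add(item["technique"])
        bundle["content"].append(item["name"])
        bundle["data_sources"].update(item["data_sources"])
    # Sets become sorted lists so the result serialises as stable JSON.
    for bundle in bundles.values():
        for key in ("tactics", "sub_techniques", "data_sources"):
            bundle[key] = sorted(bundle[key])
    return bundles

if __name__ == "__main__":
    print(json.dumps(build_bundles(SAMPLE_CONTENT), indent=2))
```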