1 - ATT&CK Matrix
NetWitness Threat Content modelled on the MITRE ATT&CK Matrix for Enterprise.
The mapping should look something like this:
| Technique | Tactic | Data Source(s) |
|---|---|---|
| T1234 Drive-by | Initial Access | Network, Endpoint |
Things I need:
- Bundles created for each technique (can roll up sub-techniques)
- Ability to subscribe to bundles (feature)
- Add a data source mapping (Log, Network, Endpoint) to the JSON
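One way to lay out this mapping, as an added example that is not NetWitness's own content format or code: a JSON record per piece of threat content carrying technique, tactic and data sources, a check that every data source is one of Log/Network/Endpoint, the roll-up of sub-techniques into per-technique bundles, and rendering of the matrix table above. Field names, the sample records, the tactic for T9999 and the sub-technique ID T1234.001 are assumptions; T1234 is the placeholder ID from the table.

```python
"""Added example: technique -> tactic -> data-source mapping as JSON,
with sub-technique roll-up into bundles. Schema and values are assumed,
not NetWitness's real format."""
import json

# Constructed sample content; one record per detection/content item.
# T1234 is the note's placeholder; T1234.001 and T9999 are made up here.
SAMPLE_CONTENT = json.dumps([
    {"name": "drive-by landing page", "technique": "T1234",
     "tactic": "Initial Access", "data_sources": ["Network"]},
    {"name": "exploit kit process spawn", "technique": "T1234.001",
     "tactic": "Initial Access", "data_sources": ["Endpoint"]},
    {"name": "suspicious logon", "technique": "T9999",
     "tactic": "Persistence", "data_sources": ["Log"]},
])

# The three data sources the note asks the JSON mapping to carry.
VALID_SOURCES = {"Log", "Network", "Endpoint"}


def parent_technique(tid: str) -> str:
    """T1234.001 -> T1234; a top-level technique maps to itself."""
    return tid.split(".", 1)[0]


def build_bundles(content_json: str) -> dict:
    """Group content by parent technique (rolling up sub-techniques) and
    union the data sources so a bundle advertises every source it needs."""
    bundles = {}
    for item in json.loads(content_json):
        bad = set(item["data_sources"]) - VALID_SOURCES
        if bad:  # reject records with an unmapped data source early
            raise ValueError(f"{item['name']}: unknown data source(s) {sorted(bad)}")
        tid = parent_technique(item["technique"])
        b = bundles.setdefault(
            tid, {"tactic": item["tactic"], "data_sources": set(), "content": []})
        b["data_sources"].update(item["data_sources"])
        b["content"].append(item["name"])
    return bundles


def matrix_rows(bundles: dict) -> list:
    """Render the Technique | Tactic | Data Source(s) table from the note."""
    rows = ["| Technique | Tactic | Data Source(s) |", "|---|---|---|"]
    for tid in sorted(bundles):
        b = bundles[tid]
        rows.append(f"| {tid} | {b['tactic']} | {', '.join(sorted(b['data_sources']))} |")
    return rows


if __name__ == "__main__":
    print("\n".join(matrix_rows(build_bundles(SAMPLE_CONTENT))))
```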