1 - ATT&CK Matrix

NetWitness Threat Content is modeled on the MITRE ATT&CK Matrix for Enterprise: each piece of content maps to a technique, its tactic, and the data source(s) it needs.

The mapping should look something like this:

Technique         Tactic           Data Source(s)
----------------  ---------------  -----------------
T1234 Drive-by    Initial Access   Network, Endpoint

Things I need:

  • Bundles created for each technique (sub-techniques can roll up into their parent technique's bundle)
  • Ability to subscribe to bundles (feature)
  • Add the data source mapping (Log, Network, Endpoint) for each technique to the JSON
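As an added example (not NetWitness code, and not the project's actual JSON schema), the script below shows one way to do the first and third items together: it takes a list of content items tagged with an ATT&CK technique ID, rolls sub-techniques (T1234.001) up into the parent technique (T1234), records the tactic and the Log/Network/Endpoint data sources each bundle needs, and serializes the result as JSON. The item fields, the bundle layout, and the sample content items are all assumptions constructed for illustration; the only technique ID taken from the page is the placeholder T1234.

```python
"""Roll content items up into per-technique bundles with tactic and data-source
mappings, then emit JSON. Item and bundle schemas are assumptions for this example."""
import json
import re

# ATT&CK technique IDs are T#### with an optional .### sub-technique suffix.
TECHNIQUE_RE = re.compile(r"^(T\d{4})(?:\.(\d{3}))?$")

# The three data-source categories the page wants mapped into the JSON.
ALLOWED_SOURCES = {"Log", "Network", "Endpoint"}

# Constructed sample content items (hypothetical names, tactics and sources).
CONTENT_ITEMS = [
    {"name": "drive-by landing page detected", "technique": "T1234",
     "tactic": "Initial Access", "data_source": "Network"},
    {"name": "browser spawns script host", "technique": "T1234.001",
     "tactic": "Initial Access", "data_source": "Endpoint"},
    {"name": "proxy log exploit-kit URL pattern", "technique": "T1234.002",
     "tactic": "Initial Access", "data_source": "Log"},
    {"name": "suspicious interpreter launch", "technique": "T5678",
     "tactic": "Execution", "data_source": "Endpoint"},
]


def parent_technique(technique_id):
    """Return the parent technique ID, e.g. 'T1234.001' -> 'T1234'.

    Raises ValueError for anything that is not an ATT&CK-shaped ID, so a typo
    in content metadata fails the build instead of silently creating a bundle.
    """
    match = TECHNIQUE_RE.match(technique_id)
    if not match:
        raise ValueError(f"not an ATT&CK technique id: {technique_id!r}")
    return match.group(1)


def build_bundles(items):
    """Group items by parent technique; union tactics, data sources and sub-techniques."""
    bundles = {}
    for item in items:
        if item["data_source"] not in ALLOWED_SOURCES:
            raise ValueError(f"unknown data source {item['data_source']!r} on {item['name']!r}")
        parent = parent_technique(item["technique"])
        bundle = bundles.setdefault(parent, {
            "technique": parent, "tactics": set(), "data_sources": set(),
            "sub_techniques": set(), "content": [],
        })
        bundle["tactics"].add(item["tactic"])
        bundle["data_sources"].add(item["data_source"])
        if item["technique"] != parent:
            bundle["sub_techniques"].add(item["technique"])
        bundle["content"].append(item["name"])
    # Sets are not JSON-serializable; emit sorted lists in technique-ID order.
    return [
        {
            "technique": b["technique"],
            "tactics": sorted(b["tactics"]),
            "data_sources": sorted(b["data_sources"]),
            "sub_techniques": sorted(b["sub_techniques"]),
            "content": b["content"],
        }
        for _, b in sorted(bundles.items())
    ]


def bundles_to_json(bundles):
    """Serialize the bundle list as the JSON a subscriber would consume."""
    return json.dumps(bundles, indent=2)


def matrix_rows(bundles):
    """Rows for the Technique / Tactic / Data Source(s) view described above."""
    return [
        (b["technique"], ", ".join(b["tactics"]), ", ".join(b["data_sources"]))
        for b in bundles
    ]


if __name__ == "__main__":
    built = build_bundles(CONTENT_ITEMS)
    print(bundles_to_json(built))
    for row in matrix_rows(built):
        print("  ".join(row))
```

Validating the technique ID and the data-source value up front is the useful part: a bundle keyed on a mistyped ID would never match the matrix, and an unmapped data source would leave subscribers unable to tell whether they have the telemetry the content needs.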