Mitre Att&ck Tags

Updated 2 weeks ago by Elvis Hovor

The Mitre ATT&CK framework attempts to standardize the terminology used within the industry to describe attacker technique and procedure. Mitre's ATT&CK matrix is quickly becoming the de-facto standard for organizations focused on threat modeling, attacker techniques and proactive mitigation of adversary tactics and techniques. TruSTAR enables users leverage Mitre ATT&CK in their daily investigative process and overall intelligence management decision making.

Mitre ATT&CK Framework in TruSTAR

TruSTARs Mitre ATT&CK capability allows users to tag their internal reports and IOCs with Mitre ATT&CK tactics and techniques modeled after the Mitre ATT&CK enterprise matrix.

Creating MITRE ATT&CK Tags for Reports

You can tag your internal reports with Mitre ATT&CK tactics or techniques by selecting the MITRE Att&CK tab under the tags section on the reports view page.

Selecting the Mitre ATT&CK tab will allow users to select the tactics or techniques to associate to the report. Users can select multiple tactics or techniquest to associate to each report.

If you select to tag a report or indicator by a technique the associated tactic will also be added as a tag.

Mitre ATT&CK tags will show in the tags section of the report after you save changes. All Mitre tags are preceded by "mitre/" to help differentiate it from other report tags

Currently you can only tag your internal reports with Mitre ATT&CK tags. They do not work on open and closed source intelligence reports

Creating Mitre Tags for IOCs

Similar to the tagging of reports users can assign MITRE ATT&CK tags to IOC's. Users can search or chose IOC's on the graph to assign MITRE ATT&CK tags.

Filtering Mitre Tags

In the reports and IOC's list panel you can filter by MITRE ATT&CK tags to view only reports and indicators associated with a MITRE ATT&CK tag.

We will be making continual updates to our Mitre Att&ck capability and we welcome questions and feedback on improvements. Please don’t hesitate to send us a quick note here.

How Did We Do?