MITRE ATT&CK Tags
The MITRE ATT&CK framework attempts to standardize the terminology used within the industry to describe attacker techniques and procedures. MITRE's ATT&CK matrix is quickly becoming the de facto standard for organizations focused on threat modeling, attacker techniques and proactive mitigation of adversary tactics and techniques. TruSTAR enables users to leverage MITRE ATT&CK in their daily investigative process and overall intelligence management decision making.
MITRE ATT&CK Framework in TruSTAR
TruSTAR's MITRE ATT&CK capability allows users to tag their internal reports and IOCs with MITRE ATT&CK tactics and techniques modeled after the MITRE ATT&CK enterprise matrix.
Creating MITRE ATT&CK Tags for Reports
You can tag your internal reports with MITRE ATT&CK tactics or techniques by selecting the MITRE ATT&CK tab under the tags section on the reports view page.
Selecting the MITRE ATT&CK tab allows users to choose the tactics or techniques to associate with the report. Users can select multiple tactics or techniques to associate with each report.
MITRE ATT&CK tags will show in the tags section of the report after you save changes. All MITRE tags are preceded by "mitre/" to help differentiate them from other report tags.
Creating MITRE Tags for IOCs
Similar to the tagging of reports, users can assign MITRE ATT&CK tags to IOCs. Users can search for or choose IOCs on the graph to assign MITRE ATT&CK tags.
Filtering MITRE Tags
In the reports and IOCs list panel you can filter by MITRE ATT&CK tags to view only reports and indicators associated with a MITRE ATT&CK tag.
We will be making continual updates to our MITRE ATT&CK capability, and we welcome questions and feedback on improvements. Please don’t hesitate to send us a quick note here.