Use Case Module

You can access the GovOps application by clicking on the CyberProof AD button and using your CyberProof credentials.

The application has a collapsible menu on the left. At any point, you can navigate to the following:

• Use Cases Module

• Settings

• Logout

  

You can see Use Cases for a particular customer, by selecting that customer.

The Use Cases module includes the following features:

• Use Case Library
• Use Case Catalog
• Use Case Wishlist (coming soon)
• Requests
• Save Heatmaps

Use Case Library

The Use Case Library includes easy access to Use Cases in a contextual manner, for the governance of Use Cases and for ensuring that the monitoring strength of the SOC is reliable. You can also view a list of Use Cases and details of each individual Use Case (description, MITRE tactic/technique, detection specification, response playbook, etc.).

Customer Toggle
You can toggle customers from the Use Case Library.

Use Case Heatmap
You can plot the current selection of Use Cases on the MITRE ATT&CK Navigator heatmap dynamically, by clicking the View in Navigator button to visualize their threat detection coverage.

Clicking the View in Navigator button will open the MITRE Navigator in a new browser tab.

Techniques will be scored and colored in different shades of blue based on the count of Use Cases for the particular technique. The Navigator legend will be opened by default. By hovering over a Technique, you can see the number of Use Cases per Log source type, along with the score (number of Use Cases).

Here you can use all of MITRE Navigator’s built-in features.

Use Case Category
The Use Case Category helps organize the list of Use Cases based on their lifecycle.

The following are Use Cases Categories and their definitions:

• In Production - Use Cases deployed in production.
• In Build - Use Cases under development.
• In Maintenance - Use Cases being fine tuned.
• In Catalog - Use Cases from CyberProof’s Master Use Cases that are not currently deployed in your environment.

When landing on the Use Case Library page for the first time, the In Catalog Use Case will be de-selected to provide a view of current and planned security coverage.

Use Case Filter
Use the filter option to find a Use Case for a particular criteria. For example; you can do so by a particular log source/technique, to know the current detection coverage for the log source/technique.

The Filter panel will open to the right when clicking the Filter button.

You can also type directly into the field to find the value to filter. Use the Apply button and the applied filters will be visible as chiplets on the Use Case Library page, with values visible via hover. The Clear All option can be used to reset the Use Case Library to its default state.

The applied filters look like this:

Use Case Search
You can find Use Cases by typing the Use Case Name or ID in the search bar at the top right of the Library page. Searched keywords will be highlighted to identify why Use Cases are part of the search result.

Use Case Detail View
You can get all of the details of a particular Use Case, after clicking on it in the Use Case Library.

New Tag on Use Cases
Library use cases that have recently been moved (in the last 30 days) into production are the most important use cases. You can see those use cases on top, with an alphabetical sort and a “New“ tag on it on top of the list. Below them, all other use cases will be sorted in alphabetical order.

Use Case Catalog

The Use Case Catalog provides easy access to Use Cases in a list view format. You can see the Use Case Name, Use Case ID, tactics in the Use Case, and log sources covered in the Use Case.

You can expand and shrink Use Cases for more information about a particular Use Case. You can also click on a Use Case for more detailed information.

Additionally, you can get a glimpse of the complexity of a Use Case by the LHS color of the Use Case Name. Red means HIGH complexity, yellow is MEDIUM complexity, and Green is LOW complexity.

Customer Toggle
You can toggle customers from the Use Case Library.

Use Case Heatmap
You can also plot the current Use Case selection on the MITRE ATT&CK Navigator heatmap dynamically, by clicking the View in Navigator button to visualize their threat detection coverage.

Clicking the View in Navigator button will open the MITRE Navigator in a new browser tab.

Techniques will be scored and colored in different shades of blue, based on counts of Use Cases for the particular technique. The Navigator legend will be open by default. On hovering over Technique, you can see the number of Use Cases per Log source type, along with the score (number of Use Cases).

You will be able to use all of MITRE Navigator’s built-in features.

Use Case Filter
Use the filter option to find Use Cases for a particular criteria. For example, by a particular log source/technique to know the current detection coverage for the log source/technique.

The Filter panel opens to the right when clicking the Filter button.

You can type directly into the field to find the value to filter. Using the Apply button to applied filters will be visible as chiplets on the Use Case Catalog page, with values visible on hover. The Clear All option can be used to reset the Use Case Catalog to the default state.

Use Case Search
You can find Use Cases by typing the Use Case Name, Use Case ID, Tactics, or Log Sources in the search bar at the top right of the Library page. Searched keywords are highlighted to identify why Use Cases are part of the search result.

Use Case Detail View
You can get all of the details of a particular Use Case, after clicking on it in the Use Case Catalog. By clicking Back to Catalog, you will land on the Use Case Catalog page again.

Use Case Catalog Pagination
Using pagination and move-top functionality, you can view 20 use cases on a single page.

Requests

You can request a use case if you do not get the required use case in the catalog or want to request a customized use case. You will see the list of all requested use cases on the Requests page of the GovOps application, with the following columns: Request ID, Use Case Requests Name, Status, Use Case ID, Request Date, and Requester.

Create a New Request
When clicking the + New Request button from Use Case Catalog, you will get a form where you can fill in all of the required fields and then submit it. Once you submit the form, the UCF team will receive a request, which they will review and add to the catalog if it is a relevant use case.

Customer Toggle
You can use the Customer Toggle button to view the Request page for different customers.

Pagination on Requests Page
Using pagination and move-top functionality, you can view 20 requests on a single page.

Save Heatmaps

You can save the MITRE ATTACK NAVIGATOR heatmap for future reference. Use the Save Heatmap button on the MITRE ATTACK NAVIGATOR to save the heatmap present on it, by filling in the required fields of the pop-up. All saved heatmaps for a particular customer will be displayed on the Saved Heatmaps page of the GovOps application. This will have the following columns: Heatmap Name, Description, Created By, Created On, and Actions. You can view that heatmap by clicking the View In Navigator link in the Actions column. Use the Customer Toggle button to view the Saved Heatmaps page of different customers.

Customer Toggle
You can use the Customer Toggle button to view the Saved Heatmaps page for different customers.

Search Heatmaps
You can search a particular heatmap of a group of heatmaps by Heatmap Name and Description, using the search functionality.

Sort Heatmaps
You can sort the heatmap list by the Heatmap Name and Created By columns, in ascending and descending orders.

Pagination on Save Heatmap
Using pagination and move-top functionality, you can view 20 heatmaps on a single page.

The Settings page is a separate MFE in the GovOps application that is only accessible to users with Admin access. For other users, the Settings icon will not visible and the Settings page will not be accessible.

Settings MFE includes the following features:

• User Management
• Customer Profile
• Data Ingestion Settings (Includes Allowed Values)

User Management

You can see the User table on the User Management page. This features the following columns: User ID, User Name, Customer Name, Application Role, and Actions. You can perform all user-related operations on this page.

Add Users
You can add a user by clicking the + Add User button. Save it by filling in all required fields in the pop-up.

Edit Users
You can update users by clicking the Edit icon. You can save it by filling in all required fields in the pop-up.

Delete Users
Users can delete any user - except themselves - using the Delete icon.

Sort Users
You can sort the table alphabetically in ascending and descending order, by the User ID (email address of the user) column.

Search Users
You can search for a particular user by any column, using the Search functionality.

Pagination in User Management
Using the pagination functionality, you can view 10 users on a single page.

Customer Profile

You can find the Customer table on the Customer Profile page. This table has the following columsn: Customer ID, Customer Name, Status, and Actions. You can perform all customer-related operations on this page.

Add Customers
You can add a customer by clicking on the + Create New Customer button. Save it by filling out all of the required fields in the Create or edit a customer form.

Edit Customers
You can update customers by clicking on the Edit icon. Save it by filling out all of the required fields in the Create or edit a customer form. You can activate/inactivate any customer.

Filter Customers
You can filter customers by the Status column, using the Status filter.

Search Customers
You can search for a particular customer by any column, using the Search functionality.

Pagination in Customer Profile
Using pagination functionality, you can view 10 customers on a single page.

Data Ingestion Settings

On this page, you can perform Data Ingestion, Invalid Use Case Report, and Allowed Values related operations.

Start Ingestion
You can run ingestion using the Start Ingestion button.

Invalid Use Cases Report
You can download the Invalid Use Cases report in Excel format by clicking the Invalid use cases report button.

Add Allowed Values
You can add allowed values using the + Add allowed values button, and filling in all of the required fields in the pop-up.

Search Allowed Values
You can search for particular allowed values or lists of allowed values, using the search functionality.

Delete Allowed Values
You can delete allowed values by clicking the Delete icon, and confirming on the pop-up that follows.

Pagination for Allowed Values
Using the pagination functionality, you can view 10 allowed values on a single page.

You can log out from the GovOps application by clicking the Logout button and selecting Yes on the pop-up that follows.