MITRE ATT&CK
20 Feb 2023


The MITRE ATT&CK report lets you view alerts in the context of the MITRE ATT&CK matrix. The report includes a timestamp of the most recent data point included in the report (Data updated to) and a timestamp of when the graphics in the report were last refreshed (Last refreshed). Both timestamps are in UTC.

The time filter restricts the report to alerts created during the selected period.


The report can show either the number of alerts or the number of distinct detection rules that map to each MITRE tactic or technique. A matrix cell is colored darker as its count increases.

Note that only detection rules that produce alerts which arrive in CDC can be counted. Many detection rules may be defined on the SIEMs or EDRs but never fire an alert; such rules are not recorded in this report.
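As an added illustration of the two counting modes and the "never fired" caveat above (example code, not part of the original article or the product), the script below aggregates a constructed set of alerts into (tactic, technique) cells. It applies a UTC time window, counts either alerts or distinct rules per cell, buckets each count into a shade level, and lists rules defined on the SIEM/EDR that never produced an alert and therefore cannot appear in the matrix. The alert and rule records, the field names and the technique IDs assigned to each rule are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample alerts (not from the page). Each alert records the
# detection rule that fired it, its creation time in UTC, and the ATT&CK
# (tactic, technique) pairs that rule is mapped to.
SAMPLE_ALERTS = [
    {"rule": "R-001", "created": "2023-02-18T09:12:00Z", "mappings": [("TA0001", "T1566")]},
    {"rule": "R-001", "created": "2023-02-18T11:40:00Z", "mappings": [("TA0001", "T1566")]},
    {"rule": "R-002", "created": "2023-02-19T03:05:00Z", "mappings": [("TA0001", "T1566"), ("TA0002", "T1204")]},
    {"rule": "R-003", "created": "2023-02-19T22:58:00Z", "mappings": [("TA0002", "T1059")]},
    {"rule": "R-003", "created": "2023-02-21T00:01:00Z", "mappings": [("TA0002", "T1059")]},  # outside the window used below
]

# Constructed rule inventory as defined on the SIEM/EDR. R-004 is mapped to a
# technique but has never fired, so it cannot show up in the report at all.
SAMPLE_RULES = {
    "R-001": [("TA0001", "T1566")],
    "R-002": [("TA0001", "T1566"), ("TA0002", "T1204")],
    "R-003": [("TA0002", "T1059")],
    "R-004": [("TA0003", "T1547")],
}


def parse_utc(ts):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_matrix(alerts, start, end, metric="alerts"):
    """Count per (tactic, technique) cell for alerts created in [start, end).

    metric="alerts" counts alerts; metric="rules" counts distinct rules that
    produced at least one alert in the window. An alert mapped to several
    techniques is counted once in each of its cells.
    """
    if metric not in ("alerts", "rules"):
        raise ValueError("metric must be 'alerts' or 'rules'")
    start_dt, end_dt = parse_utc(start), parse_utc(end)
    cells = defaultdict(set) if metric == "rules" else defaultdict(int)
    for alert in alerts:
        created = parse_utc(alert["created"])
        if not (start_dt <= created < end_dt):
            continue  # the time filter drops alerts outside the period
        for cell in alert["mappings"]:
            if metric == "rules":
                cells[cell].add(alert["rule"])
            else:
                cells[cell] += 1
    if metric == "rules":
        return {cell: len(rules) for cell, rules in cells.items()}
    return dict(cells)


def silent_rules(rules, alerts):
    """Rules defined on the SIEM/EDR that never produced an alert at any time."""
    fired = {a["rule"] for a in alerts}
    return sorted(r for r in rules if r not in fired)


def shade_level(count, max_count, levels=4):
    """Map a cell count to a shade bucket 0..levels (0 = empty cell, levels = darkest)."""
    if count <= 0 or max_count <= 0:
        return 0
    return max(1, round(count * levels / max_count))


if __name__ == "__main__":
    window = ("2023-02-18T00:00:00Z", "2023-02-20T00:00:00Z")
    by_alerts = build_matrix(SAMPLE_ALERTS, *window, metric="alerts")
    by_rules = build_matrix(SAMPLE_ALERTS, *window, metric="rules")
    peak = max(by_alerts.values())
    for cell in sorted(by_alerts):
        print(cell, "alerts:", by_alerts[cell], "rules:", by_rules[cell],
              "shade:", shade_level(by_alerts[cell], peak))
    print("never fired, absent from report:", silent_rules(SAMPLE_RULES, SAMPLE_ALERTS))
```

With the constructed data, the phishing cell (TA0001, T1566) shows 3 alerts but only 2 rules, which is the difference between the two counting modes; the alert on 21 Feb is excluded by the time filter; and R-004 appears only in the silent-rules list, never in the matrix.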
