Alert Logic now supports, and has included in the Alert Logic console, the MITRE ATT&CK framework. Incidents found in the Alert Logic console will continue to show Alert Logic incident classifications and will now include classifications defined in the MITRE ATT&CK framework.
The MITRE ATT&CK framework “is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community” (Source: MITRE).
MITRE tactics and techniques classify exploit exposures and vulnerabilities in your environment. Specifically, a tactic is the adversary's goal at a given stage of an attack, and a technique is the method the adversary uses to achieve that goal.
MITRE Classifications in the Alert Logic Console
You can find MITRE classifications in several places within the Alert Logic console, including:
- Incident console: Respond > Incidents.
Within the Incident console, you can filter by MITRE Tactic and/or MITRE Technique categories via the left-hand Filters panel. You can also choose to include MITRE Tactic and/or MITRE Technique columns and corresponding data in your Incident List via the Choose Columns drop-down menu. MITRE details on incidents are also available via the preview accessed by hovering over an incident, by clicking on an incident and selecting Analytic Details, and within Incident Notification emails.
- Any incident-related report: Validate > Reports > Threat.
Wherever you find incident types in reports, you will now also find MITRE tactic and technique classifications. For example, see the screenshot below of the Incident Daily Digest Trends report.
- Several dashboards: Dashboards.
MITRE tactic and technique classifications are available on the following dashboards: Threat Summary, Web Log Analytics, and Firewall Log Security Analysis. MITRE classifications within these dashboards replace Alert Logic incident classifications.