Environment
- Predictive Security Cloud (PSC): February 18, 2020 Release (0.52.1 backend)
- Cloud Endpoint Standard (fka CB Defense)
- Cloud Enterprise EDR (fka CB ThreatHunter)
- CB ThreatSight
Objective
Provide steps to view details on MITRE ATT&CK framework TTPs on the Alerts page
Resolution
- Go to the Alerts page
- Click in the Search bar
- Begin typing MITRE to view the list of related TTPs
- Select the desired MITRE TTP and press Enter to search
Example
TTP:MITRE_T1075_PASS_THE_HASH
- Expand the items displayed to view the full list of TTPs linked to the selected AlertID
- Click on the pill/button with the desired MITRE TTP listed
- A new tab opens in the browser with information on the MITRE technique or tactic
Example
https://attack.mitre.org/techniques/T1075/
Additional Notes
Repeat as desired for other MITRE TTPs or use the MITRE site (MITRE ATT&CK®) to look for information on other Tactics, Techniques, and Procedures (TTPs)