Justify New Data Sources via MITRE ATT&CK

Introduction

If you want to bring a new data source in, MITRE ATT&CK can often provide a neutral, industry-recognized way to show what that data would enable for you. This guide walks you through configuring this app, and then through the dashboard that provides that functionality.

Feature

MITRE ATT&CK-based Content Recommendations

With an understanding of what data you have, you can specify the types of security concerns you’re facing and then use MITRE ATT&CK to filter for the Splunk content tied to MITRE techniques that are associated with many different threat groups.

  1. Select a category of issue that you are concerned about. If desired, you can also adjust the default filters for data availability and popularity.

  2. You will see a list of content tied to ATT&CK techniques that MITRE reports as being used by many threat groups.

  3. This dashboard is built on the Data Inventory and Correlation Search Introspection, so if you haven’t configured those yet, visit those pages first.
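As an added illustration, not code from the app or from this page, the following Python sketch shows the logic behind the dashboard's data-availability and popularity filters, and extends it to the page's stated goal: given content mapped to ATT&CK techniques and the data sources each piece needs, rank every data source you do not yet ingest by the popular-technique content it would unlock. The content names, data source names and per-technique group counts are constructed placeholders, not real ATT&CK statistics.

```python
"""Rank candidate data sources by the ATT&CK content they would unlock.

Added example, not part of the original app or page. All inputs are
constructed sample data, not real ATT&CK or Splunk content.
"""

# Constructed: content name -> (ATT&CK techniques, required data sources)
CONTENT = {
    "Suspicious PowerShell Encoded Command": ({"T1059.001"}, {"Windows Process Creation"}),
    "Command Shell Spawned by Office App": ({"T1204.002"}, {"Windows Process Creation"}),
    "Scheduled Task Creation": ({"T1053.005"}, {"Windows Security Logs"}),
    "Registry Run Key Modification": ({"T1547.001"}, {"Windows Registry", "Windows Security Logs"}),
    "Unusual Outbound DNS Volume": ({"T1071.004"}, {"DNS Logs"}),
    "Proxy Beaconing": ({"T1071.001"}, {"Web Proxy Logs"}),
}

# Constructed placeholder counts of threat groups per technique; this is the
# "popularity" signal the dashboard filters on, NOT real ATT&CK numbers.
GROUP_COUNTS = {"T1059.001": 80, "T1204.002": 50, "T1053.005": 40,
                "T1547.001": 60, "T1071.004": 15, "T1071.001": 70}


def unlocked_by(candidate, available, min_groups):
    """Content that becomes usable if `candidate` is added to the `available`
    data sources, keeping only techniques used by >= `min_groups` groups."""
    have = set(available)
    new_sources = have | {candidate}
    result = []
    for name, (techniques, required) in CONTENT.items():
        if required <= have:
            continue  # already covered by data you ingest today
        if not required <= new_sources:
            continue  # still blocked on some other missing data source
        if max(GROUP_COUNTS.get(t, 0) for t in techniques) >= min_groups:
            result.append(name)
    return sorted(result)


def rank_candidates(available, min_groups=30):
    """Score every not-yet-ingested data source by the content it unlocks,
    most valuable first (ties broken by name)."""
    needed = set().union(*(req for _, req in CONTENT.values()))
    scores = {c: unlocked_by(c, available, min_groups) for c in needed - set(available)}
    return sorted(scores.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for source, content in rank_candidates({"Windows Security Logs"}):
        print(f"{source}: unlocks {len(content)} item(s) -> {content}")
```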