MITRE ATT&CK Adviser app

[ 1 Purpose ] [ 2 Open app ] [ 3 Use app ]

Purpose

The MITRE ATT&CK™ Adviser application enables security teams to understand their Devo domain’s alerts and log sources in the context of the MITRE ATT&CK™ framework.

For alert coverage, the application reads all Security Operations out-of-the-box alerts, custom alerts, and installed alerts, maps them to the ATT&CK matrix, and color-codes each tactic and technique according to how well it is covered.

Directly from the application you will be able to:

  • View sub-techniques within the matrix to understand where more coverage can be added

  • Install alerts and take action to improve coverage

  • Get coverage of multiple tactics and techniques from a single alert

For log sources, the application detects log sources currently being ingested and maps them to the ATT&CK matrix to evaluate data ingestion.

Open app

Once the app has been installed, you can use the Open button at the top right of the card in Exchange to access it and use it as intended. You can also access the app via the Navigation pane.

Use app

Once inside the app, you can use it as required. Refer to MITRE ATT&CK Adviser for a detailed walkthrough.