FortiSOAR™'s MITRE ATT&CK Alerts and Incident Spread widget offers a comprehensive view of security threats using the MITRE ATT&CK framework. Here's a breakdown of its key features:

1. Tactics Overview:
   - The top row displays the MITRE ATT&CK Tactics present in your FortiSOAR environment.
   - Which tactics are visible depends on:
     - Ingested MITRE ATT&CK Matrices: which attack frameworks are used?
     - Widget filters: are Hide Empty Tactics and Hide Tactics If All Related Techniques Are Hidden enabled?
2. Techniques and Subtechniques:
   - Technique rows:
     - Display technique names and links.
     - Show whether a technique has linked Subtechniques, Alerts, or Incidents.
     - Clicking a link expands the cell for details.
   - Subtechnique rows:
     - Similar to Technique rows, but can have their own linked Alerts and Incidents.
     - Clicking a link expands the cell further for Alert and Incident details.
3. Alerts and Incidents:
   - Alert and Incident names are displayed together with their severity.
   - The heatmap filter (if enabled) highlights all Alerts and Incidents for immediate attention.
   - Clicking one of these links opens the respective Alert or Incident record in FortiSOAR.

Overall, this widget provides valuable insight into:
- Potential attack vectors: which MITRE ATT&CK Tactics are present in your environment?
- Specific techniques and subtechniques used: details about individual attack steps.
- Alerts and incidents triggered: potential threats and their severity.
- Heatmap visualization: quick prioritization of critical issues.

This information equips security analysts with a structured and actionable view of threats, enabling them to efficiently prioritize and respond to security incidents.
1. Edit a Dashboard's view template and select the Add Widget button.
2. Select MITRE ATT&CK Alert Incident Spread from the list to open the MITRE ATT&CK Alert Incident Spread widget's edit view.
3. Specify the title of the spread in the Title field.
4. Toggle Show Alert and Incident Coverage to highlight and expand Techniques and Subtechniques. Only the techniques and subtechniques linked to alerts and incidents are displayed.
5. Toggle Expand All Techniques to highlight and expand all Techniques. This toggle is available only when Show Alert and Incident Coverage is off.
6. Toggle Hide Empty Tactics to hide tactics without any Technique relationships.
7. Toggle Hide Empty Techniques to hide Techniques without any Subtechnique, Alert, or Incident relationships.
8. Toggle Filter Based on Groups and select threat actor groups to filter the MITRE ATT&CK spread.
9. Define the filter criteria for alerts that this widget should not render.
10. Define the filter criteria for incidents that this widget should not render.
11. Click Save to save the changes and exit the widget's edit view.
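The following added example models how the visibility toggles described above (Show Alert and Incident Coverage, Hide Empty Tactics, Hide Empty Techniques, Hide Tactics If All Related Techniques Are Hidden) interact when deciding which tactics and techniques the spread renders. It is not FortiSOAR's own code; the `Technique` class, the `visible_spread` function and the sample matrix are assumptions constructed for illustration.

```python
# Added illustration of the widget's documented visibility rules (not FortiSOAR code).
from dataclasses import dataclass, field


@dataclass
class Technique:
    tid: str
    name: str
    subtechniques: list = field(default_factory=list)  # nested Technique objects
    alerts: list = field(default_factory=list)         # constructed alert names
    incidents: list = field(default_factory=list)      # constructed incident names

    def has_coverage(self) -> bool:
        """True if this technique or any of its subtechniques links an alert or incident."""
        return bool(self.alerts or self.incidents) or any(s.has_coverage() for s in self.subtechniques)

    def has_relationships(self) -> bool:
        """Hide Empty Techniques keeps a technique only if it has a subtechnique, alert or incident."""
        return bool(self.subtechniques or self.alerts or self.incidents)


def visible_spread(matrix, show_coverage=False, hide_empty_tactics=False,
                   hide_empty_techniques=False, hide_tactics_if_all_hidden=False):
    """Return {tactic: [technique ids]} the widget would render under the given toggles."""
    spread = {}
    for tactic, techniques in matrix.items():
        if hide_empty_tactics and not techniques:
            continue  # tactic has no Technique relationships at all
        kept = []
        for t in techniques:
            if show_coverage and not t.has_coverage():
                continue  # coverage view: only techniques linked to alerts/incidents
            if hide_empty_techniques and not t.has_relationships():
                continue
            kept.append(t.tid)
        if hide_tactics_if_all_hidden and techniques and not kept:
            continue  # every related technique was hidden by the filters above
        spread[tactic] = kept
    return spread


# Constructed sample data; the alert and incident names are not real records.
T1566 = Technique("T1566", "Phishing", subtechniques=[
    Technique("T1566.001", "Spearphishing Attachment", alerts=["Suspicious attachment (High)"])])
T1059 = Technique("T1059", "Command and Scripting Interpreter")
T1003 = Technique("T1003", "OS Credential Dumping", incidents=["Credential theft (Critical)"])
SAMPLE_MATRIX = {
    "Initial Access": [T1566],
    "Execution": [T1059],
    "Credential Access": [T1003],
    "Persistence": [],
}
```

With all toggles off every tactic column is rendered, including the empty Persistence column; enabling Show Alert and Incident Coverage together with the two tactic-hiding filters leaves only Initial Access and Credential Access.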