Managing MITRE
MITRE ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) is a well-known global framework for understanding and categorizing the tactics, techniques, and procedures (TTPs) associated with cyber threats.
In Inopli, it is integrated into a dynamic and adaptable dashboard for security system administrators. This control panel offers an interactive interface, allowing administrative users to add or remove techniques and sub-techniques from the MITRE ATT&CK framework. This functionality is crucial for keeping the system's database aligned with the latest strategies and changes in the cyber threat landscape.
When a new technique is added to the system through the dashboard, it becomes immediately available for use in various functions. This includes correlation rules, which are essential for detecting and responding to incidents. The new technique is also picked up by the MITRE coverage indicator generator, which is used to evaluate the effectiveness of the implemented security measures.
Keeping techniques and sub-techniques updated improves security, because it allows administrators to keep up with emerging trends in cyber attacks.
This approach ensures that the team not only keeps its threat database updated, but also strengthens its ability to prevent, detect, and respond to security incidents more effectively.
To ensure that the documentation always remains up to date, the team can add new techniques and/or sub-techniques, as well as delete those that are no longer necessary. Additions are made through a detailed form that requests all the information essential for accurately mapping a new technique or sub-technique and its respective version. This procedure ensures that each entry is complete, which makes information easier to manage and locate within the system.
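The checks an administrator may want around these add and delete operations, as an added example that is not Inopli code: it validates a new entry before it is saved and recomputes coverage from the techniques that correlation rules reference, listing rules that still point at a deleted technique. The field names, rule names and version values are hypothetical and constructed for illustration.

```python
import re

# ATT&CK ID shape: "T" + 4 digits for a technique, plus ".NNN" for a sub-technique.
ATTACK_ID = re.compile(r"T[0-9]{4}(\.[0-9]{3})?")

def validate_entry(entry, catalogue):
    """Return the problems found in a new catalogue entry (empty list = valid)."""
    problems = []
    tid = entry.get("id", "")
    parent = tid.split(".")[0]
    if not ATTACK_ID.fullmatch(tid):
        problems.append(f"bad id format: {tid!r}")
    elif tid in catalogue:
        problems.append(f"duplicate id: {tid}")
    elif "." in tid and parent not in catalogue:
        problems.append(f"parent technique {parent} not in catalogue")
    for field in ("name", "version"):
        if not str(entry.get(field, "")).strip():
            problems.append(f"missing {field}")
    return problems

def coverage(catalogue, rules):
    """Share of catalogue entries referenced by at least one rule, the covered ids,
    and per-rule references to ids that are not (or no longer) in the catalogue."""
    known = set(catalogue)
    referenced = {t for r in rules for t in r["techniques"]}
    covered = sorted(referenced & known)
    orphaned = {}
    for r in rules:
        missing = sorted(set(r["techniques"]) - known)
        if missing:
            orphaned[r["name"]] = missing
    ratio = len(covered) / len(known) if known else 0.0
    return ratio, covered, orphaned

# Constructed sample data: hypothetical fields, placeholder versions.
CATALOGUE = {
    "T1059": {"name": "Command and Scripting Interpreter", "version": "1.0"},
    "T1059.001": {"name": "PowerShell", "version": "1.0"},
    "T1110": {"name": "Brute Force", "version": "1.0"},
    "T1566": {"name": "Phishing", "version": "1.0"},
}
RULES = [
    {"name": "encoded-powershell", "techniques": ["T1059.001"]},
    {"name": "repeated-login-failures", "techniques": ["T1110", "T1078"]},
]

if __name__ == "__main__":
    print(validate_entry({"id": "T1003.001", "name": "LSASS Memory", "version": "1.0"}, CATALOGUE))
    print(coverage(CATALOGUE, RULES))
```

Running the orphan check before a technique is deleted shows which correlation rules would lose their mapping, so the coverage figure does not silently drop.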