Splunk® Enterprise Security

Use Splunk Enterprise Security Risk-based Alerting

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

View the MITRE ATT&CK posture for a risk notable

View the MITRE ATT&CK posture within the context of a risk notable so that you can reduce the mean time to detection (MTTD) and mean time to repair (MTTR) and enhance the situational awareness in your security operations center (SOC).

Follow these steps to view the MITRE ATT&CK posture for a risk notable in context:

  1. In the Splunk Enterprise Security Search app, select Incident Review.
  2. Expand a risk notable from the list of risk notables.
  3. Scroll to MITRE ATT&CK Posture for this Notable to see the highlighted MITRE tactics and techniques that were detected for the risk object.

    The MITRE matrix chart displays all the tactics and techniques for every risk event associated with the risk object for that risk notable.

    You can also scroll to Additional Fields to see the list of MITRE ATT&CK tactics and techniques for the risk notable.
Last modified on 02 February, 2023
 

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1

