https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690337#M56563 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/268899">@user487596</a>&nbsp;,</P><P>yes, in Security Essentials App you have also a MITRE visualization, but I'm hinting to use the above MITRE ATT&amp;CK app.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 11 Jun 2024 13:39:33 GMT gcusello 2024-06-11T13:39:33Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690319#M56555 <P>Hello everyone, I'm new to Splunk, can anyone help me: enable "Using visualizations to determine TTP coverage" from&nbsp;<A href="https://lantern.splunk.com/?title=Security%2FUCE%2FGuided_Insights%2FCyber_frameworks%2FAssessing_and_expanding_MITRE_ATT%26CK_coverage_in_Splunk_Enterprise_Security#" target="_blank" rel="noopener">https://lantern.splunk.com/?title=Security%2FUCE%2FGuided_Insights%2FCyber_frameworks%2FAssessing_and_expanding_MITRE_ATT%26CK_coverage_in_Splunk_Enterprise_Security#</A>&nbsp;?</P><P><A href="https://docs.splunk.com/Documentation/ES/7.1.0/RBA/ViewMitreMatrixforRiskNotable#View_the_MITRE_ATT.26CK_posture_for_a_risk_notable," target="_blank" rel="nofollow noopener noreferrer">https://docs.splunk.com/Documentation/ES/7.1.0/RBA/ViewMitreMatrixforRiskNotable#View_the_MITRE_ATT....</A></P><P><LI-PRODUCT title="Splunk Enterprise Security" id="263"></LI-PRODUCT>&nbsp;<LI-PRODUCT title="Splunk Security Essentials" id="3435"></LI-PRODUCT>&nbsp;</P> Tue, 11 Jun 2024 16:52:38 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690319#M56555 user487596 2024-06-11T16:52:38Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690328#M56559 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/268899">@user487596</a>&nbsp;,</P><P>to help you, I need some additional information:</P><P>what's your issue?</P><P>did you installed the Splunk MITRE ATT&amp;CK app (<A href="https://splunkbase.splunk.com/app/4617" target="_blank">https://splunkbase.splunk.com/app/4617</A>&nbsp;)?</P><P>are you working inside Enterprise Security or not?</P><P>Ciao.</P><P>Giuseppe</P> Tue, 11 Jun 2024 13:24:29 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690328#M56559 gcusello 2024-06-11T13:24:29Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690330#M56560 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,</P><P>don't see "MITRE ATTACK App for Splunk" in apps; yes, i'am <SPAN>work inside Enterprise Security</SPAN></P> Tue, 11 Jun 2024 13:29:26 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690330#M56560 user487596 2024-06-11T13:29:26Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690333#M56561 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/268899">@user487596</a>&nbsp;,</P><P>install it from Splunkbase I always use it: you'll find inside it useful Use Cases for ES.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 11 Jun 2024 13:32:15 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690333#M56561 gcusello 2024-06-11T13:32:15Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690334#M56562 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>, what about MITRE ATT&amp;CK Framework in&nbsp;Splunk Security Essentials,&nbsp;which, as I understand it, is already built in, Is it impossible to work with it or is it easier with your application?</P> Tue, 11 Jun 2024 13:36:17 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690334#M56562 user487596 2024-06-11T13:36:17Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690337#M56563 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/268899">@user487596</a>&nbsp;,</P><P>yes, in Security Essentials App you have also a MITRE visualization, but I'm hinting to use the above MITRE ATT&amp;CK app.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 11 Jun 2024 13:39:33 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690337#M56563 gcusello 2024-06-11T13:39:33Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690338#M56564 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,&nbsp;The application is cool, but I would like to understand the built-in capabilities. Is there any documentation or tips on how to set up visualization without third-party applications?</P> Tue, 11 Jun 2024 13:41:47 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690338#M56564 user487596 2024-06-11T13:41:47Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690341#M56565 <P>Hi&nbsp;&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/268899">@user487596</a>&nbsp;,</P><P>as I said, I always use the MITRE ATT&amp;CK app, but if you want to use only the Security Essentials, see this:</P><P><A href="https://docs.splunk.com/Documentation/SSE/3.8.0/User/MITREFramework" target="_blank">https://docs.splunk.com/Documentation/SSE/3.8.0/User/MITREFramework</A></P><P>Ciao.</P><P>Giuseppe</P> Tue, 11 Jun 2024 13:55:05 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690341#M56565 gcusello 2024-06-11T13:55:05Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690348#M56566 <P>doesn't look like what i need, it's just a dashboard&nbsp;<BR />i need this&nbsp;<A href="https://docs.splunk.com/Documentation/ES/7.1.0/RBA/ViewMitreMatrixforRiskNotable#View_the_MITRE_ATT.26CK_posture_for_a_risk_notable," target="_blank">https://docs.splunk.com/Documentation/ES/7.1.0/RBA/ViewMitreMatrixforRiskNotable#View_the_MITRE_ATT.26CK_posture_for_a_risk_notable</A>&nbsp;the problem is that the event doesn't have this (MITRE ATT&amp;CK Posture for this Notable) information in notable... how to add it?</P> Tue, 11 Jun 2024 14:44:05 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690348#M56566 user487596 2024-06-11T14:44:05Z https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690970#M56608 <P>The answer in <A href="https://www.splunk.com/en_us/blog/security/do-more-with-splunk-security-essentials-3-7-0.html" target="_self">this splunk blog post.</A></P><P>Somewhere in "System Configuration" we can configure integration with ES. Nuance - I opened this settings menu once, but the second time I can’t find it <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P> Tue, 18 Jun 2024 08:32:01 GMT https://community.splunk.com/t5/Dashboards-Visualizations/mitre-visualisation-for-notable/m-p/690970#M56608 user487596 2024-06-18T08:32:01Z