Splunk Enterprise Security

Enterprise Security - Mitre Metrics

gazoscreek
Explorer

When I configure a correlation search with an Annotation of MiTRE ATT&CK and create a notable, I don't see any evidence of the Annotation in the notable. 

 

gazoscreek_0-1639068279261.png

Anyone have any ideas how I can search my platform to report on triggered notables by Mitre Attack?

 

 

sidoyle_
Explorer

I'm scratching my head over the same issue, i am new to Splunk and still finding my way around. Did you ever solve this problem ?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...