Custom Threat groups have arrived for the MITRE ATT&CK Adviser! This update allows you to define custom alert groups, design your own threat groups, and track them!
What is a Custom Threat Group?
Custom threat groups help organizations take threat groups from other security vendors and add them to the MITRE ATT&CK Adviser to quickly assess coverage of threat groups that are not tracked by MITRE. Custom threat groups enable customers to create:
- Custom threat groups
- Alert groups for data sources not tracked by MITRE
- Groups to track their custom alert coverage
How can I use Custom Threat Groups?
Alert groups for data sources enable organizations to map the alerts for specific data sources to a group, so they can understand what coverage those data sources are giving them. For example, if a customer wants to understand what coverage their AWS detections give them within Devo, they can create a group of their AWS alerts and quickly monitor their coverage.
Creating a custom group to track alerts that have been created by the customer in a single location is useful for understanding what coverage an organization has brought versus what Devo provided. Alerts can also be separated into specific groups for homegrown applications or other reasons to track coverage on more specific parts of an organization's data landscape.
Where can I find Custom Threat Groups?
Custom Threat Groups can be found in the App Configuration section of the MITRE ATT&CK Adviser application.
How to configure a Custom Threat Group?
Creating a new custom threat group is easy. Just enter the following information in the UI window:
- Unique ID for the custom Threat Group
- Name of the Custom Threat Group
- Describe the purpose or details of the group
- Associated Threat Groups: Identify the associated MITRE Threat groups for the threat group being created
- Select the techniques that are associated with the new custom group. This will enable the MITRE ATT&CK matrix filtering and coverage calculations.
- Select the alerts that are associated with the new custom threat group. This will enable the MITRE ATT&CK matrix filtering and coverage calculations.
Threat Groups Updated!
With this release, the custom Threat Groups list has been updated with a huge number of new Threat Groups to help you identify the techniques of specific known bad actors and measure your coverage against them!