Skip to main content

 

Custom Threat groups have arrived for the MITRE ATT&CK Adviser!  This update allows you to define custom alert groups, design your own threat groups, and track them!

Geo Release

Region Status
GovCloud Released
CA Released
US Released
EU Released
APAC Released

 

Table of Contents

What is a Custom Threat Group?

 Custom threat groups help organizations take threat groups from other security vendors and add them to the MITRE ATT&CK Adviser to quickly assess coverage of threat groups that are not tracked by MITRE. Custom threat groups enable customers to create: 

  • Custom threat groups 
  • Alert groups for data source not tracked by MITRE 
  • Groups to track their custom alert coverage

How can I use Custom Threat Groups?

Alert groups data for data source, enables organizations to map alerts for specific data sources to a group to understand what coverage specific data sources are getting them.  For example, if a customer wants to understand what coverage their AWS detections give them within Devo, they can create a group of their AWS alerts and quickly monitor their coverage.

Creating a custom group to track alerts that have been created by the customer in a single location is useful for understanding what coverage an organization has brought vs. Devo provided.  Alerts can also be separated into specific groups for homegrown applications or other reasons to track coverage on more specific parts of an organization's data landscape

 

Where can I find Custom Threat Groups?

Custom Threat Groups can be found in the App Configuration section of the MITRE ATT&CK Adviser application.

EmB0OjGRt2FM2q8xfGXpqNkLtRvX319eEUa3V1j-2a3xKtfEP8Owit04AGmifxq4hwB2Xx3BRqEv6mKf2U2Y_XTsnnlzcmX_w8TQrVgZzrDM9mRBtjw2HyA6_-SxMu5IibCCr9w287Gh5hCsltJNu5s

 

How to configure a Custom Threat Group?

Creating a new custom threat group is easy, just enter the following information in the UI window:

Field  Description
ID Unique ID for the custom Threat Group
Name Name of the Custom Threat Group
Description Describe the purpose or details of the group
Associated Threat Groups Identify the associated MITRE Threat groups for the threat group being created
Techniques Select the techniques that are associated with the new custom group.  This will enable the MITRE ATT&CK matrix filtering and coverage calculations.
Alerts Used Select the alerts that are associated with the new custom threat group.  This will enable the MITRE ATT&CK matrix filtering and coverage calculations.

 

TIz2r03aWHeK6s4SVbqeI82n6_YAG4vmiO_lzqSjBom38bVlpn9UehYqJmqmeE_eIWHy6akhMUvtFr0purTnIGEpM4KBq3mZnNionTPhxBQh8pqAewBU43LhGH_cY8ZyaiksfTZmw5_LLrS-OeN-r7c

Threat Groups Updated!

With this release, the custom Threat Groups list has been updated with a huge number of new Threat Groups to help you identify the techniques of specific known bad actors and measure your coverage against them!

Be the first to reply!