Devo Exchange: Mitre Att&ck Adviser 1.7

Custom Threat groups have arrived for the MITRE ATT&CK Adviser!  This update allows you to define custom alert groups, design your own threat groups, and track them!

Geo Release

Table of Contents

What is a Custom Threat Group?

 Custom threat groups help organizations take threat groups from other security vendors and add them to the MITRE ATT&CK Adviser to quickly assess coverage of threat groups that are not tracked by MITRE. Custom threat groups enable customers to create: 

• Custom threat groups 
• Alert groups for data source not tracked by MITRE 
• Groups to track their custom alert coverage

How can I use Custom Threat Groups?

Alert groups data for data source, enables organizations to map alerts for specific data sources to a group to understand what coverage specific data sources are getting them.  For example, if a customer wants to understand what coverage their AWS detections give them within Devo, they can create a group of their AWS alerts and quickly monitor their coverage.

Creating a custom group to track alerts that have been created by the customer in a single location is useful for understanding what coverage an organization has brought vs. Devo provided.  Alerts can also be separated into specific groups for homegrown applications or other reasons to track coverage on more specific parts of an organization's data landscape

Where can I find Custom Threat Groups?

Custom Threat Groups can be found in the App Configuration section of the MITRE ATT&CK Adviser application.

How to configure a Custom Threat Group?

Creating a new custom threat group is easy, just enter the following information in the UI window:

Threat Groups Updated!

With this release, the custom Threat Groups list has been updated with a huge number of new Threat Groups to help you identify the techniques of specific known bad actors and measure your coverage against them!