View Alert Heat Map
The heatmap displays tactics and techniques based on alerts created from the Analyst Portal. While creating an alert, analysts can fill in the tactic, technique, and sub-technique details that correspond to the alert. These alerts are correlated and mapped in the ATT&CK Navigator.
For example, if you select Persistence as the tactic and Application Shimming as the technique while creating an alert, that tactic and technique pair appears in the alert heatmap.
The columns in the heatmap are organized based on tactics defined by MITRE. The number of times a particular tactic is reported in an alert is displayed near the tactic name.
The rows in the heatmap are organized based on techniques defined by MITRE. The number of times a particular technique is reported in an alert is displayed near the technique name. You can also view the sub-techniques associated with the corresponding tactic-technique pair.
Before You Start
You must have the View and Create/Update permissions to access ATT&CK Navigator.
From the Main Menu, go to ATT&CK Navigator, and select Alert Heat Map.
Select a tactic to view the list of alerts associated with the tactic.
Select a technique to view the list of alerts associated with the tactic and technique pair.
Select a sub-technique to view the list of alerts associated with the corresponding tactic, technique, and sub-technique.
Select the ATT&CK Matrix type (Enterprise, ICS, or Mobile) to view the corresponding alerts.
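The counting and drill-down behavior described above, sketched in Python as an added example (not the product's own code). The Alert record, its field names, and the sample alerts are constructed, and tallying once per tagged alert, per tactic-technique pair, is an assumption about how the heatmap counts.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Alert:
    """Constructed alert record; field names are assumptions, not the product's schema."""
    alert_id: str
    matrix: str  # "Enterprise", "ICS" or "Mobile"
    tactic: str
    technique: Optional[str] = None
    sub_technique: Optional[str] = None

# Constructed sample alerts, not exported from any real portal.
ALERTS = [
    Alert("A-1", "Enterprise", "Persistence", "Application Shimming"),
    Alert("A-2", "Enterprise", "Persistence", "Application Shimming"),
    Alert("A-3", "Enterprise", "Persistence", "Account Manipulation",
          "Additional Cloud Credentials"),
    Alert("A-4", "Enterprise", "Initial Access", "Phishing", "Spearphishing Attachment"),
    Alert("A-5", "Enterprise", "Initial Access"),  # analyst filled in the tactic only
    Alert("A-6", "Mobile", "Persistence", "Boot or Logon Initialization Scripts"),
]

def heatmap(alerts, matrix):
    """Return (tactic counts, (tactic, technique) counts) for one matrix type."""
    tactics, cells = Counter(), Counter()
    for a in alerts:
        if a.matrix != matrix:
            continue
        tactics[a.tactic] += 1
        if a.technique:  # tactic-only alerts count toward the column, not a row
            cells[(a.tactic, a.technique)] += 1
    return tactics, cells

def drill_down(alerts, matrix, tactic, technique=None, sub_technique=None):
    """Alert ids behind a selection; each extra level narrows the list."""
    return [
        a.alert_id for a in alerts
        if a.matrix == matrix and a.tactic == tactic
        and (technique is None or a.technique == technique)
        and (sub_technique is None or a.sub_technique == sub_technique)
    ]

if __name__ == "__main__":
    tactics, cells = heatmap(ALERTS, "Enterprise")
    print(dict(tactics), dict(cells))
    print(drill_down(ALERTS, "Enterprise", "Persistence", "Application Shimming"))
```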