View TDL Heat Map
The TDL Heat Map displays tactics, techniques, and sub-techniques based on content created in the Analyst and Member Portal. While creating TDL content, you can fill in the tactic and technique details that correspond to the content. This content is correlated and mapped in the ATT&CK Navigator.
Note
If Threat Defender Library (TDL) is enabled, TDL Heat Map will remain available even if ATT&CK Navigator is disabled in Administration > Configuration. For more information, see Configure CSAP Features.
For example, if you select Persistence as the tactic and Application Shimming as the technique while creating the content, the same can be visualized in the TDL Heat Map.
The columns in the heat map are organized based on tactics defined by MITRE. The number of times a particular tactic is reported in the TDL content is displayed near the tactic name.
The rows in the heatmap are organized based on techniques defined by MITRE. The number of times a particular technique is reported in the TDL content is displayed near the technique name. Additionally, you can also view the sub-techniques associated with the corresponding tactic-technique pair.
Before you Start
You must have the View, Create, and Update permissions to access ATT&CK Navigator.
From the Main Menu, go to ATT&CK Navigator, and select TDL Heat Map.
Select a tactic to view the list of TDL content associated with the tactic.
Select a technique to view the list of TDL content associated with the tactic and technique pair.
Select a sub-technique to view the list of TDL content associated with the corresponding tactic, technique, and sub-technique.
Select the ATT&CK Matrix type (Enterprise, ICS, and Mobile) to view the corresponding TDL content.