View Details of a Sub-Technique
Analysts can view the following details for a sub-technique:
Alias: View the alias name of the sub-technique. You can view the same in Threat Data which lists all the attack patterns with alias.
Basic Details: View the number of indicators, malware, and threat actors identified by CTIX for the selected technique. A MITRE sub-technique in the CTIX application includes information, such as detailed description, platform, data sources, software, last modified date, tactic, and defense bypass. You can also view information about:
Procedures performed by an attacker before and after an attack. Procedural information is available for specific sub-techniques only.
Methods to mitigate the sub-technique from potential threats by understanding the pattern.
Methods to detect a pattern for the sub-technique and control a potential breach in time.
Tasks: View and create tasks for the selected sub-technique. For more information, see Add a Task for a Technique.
References: View the list of URLs related to the selected sub-technique.
Notes: View and add notes for the selected sub-technique. For more information, see Create a Note for ATT&CK Navigator Technique.
Steps
To view the details of the sub-technique, follow these steps:
Go to Main Menu > Analysis > ATT&CK Navigator.
Select a layer.
Expand the technique to view the associated sub-techniques.
Select the sub-technique to view the details. Click Open in Threat Data to view details in Threat Data.