Skip to main content

Cyware Threat Intelligence eXchange

Add a Custom Technique

CTIX enables you to add a custom technique to track and monitor the attack patterns that are not a part of existing MITRE techniques.

To add a custom technique, do the following:

  1. From Main Menu, select ATT&CK Navigator under Analysis.

  2. Select either the Custom Base Layer or an existing layer.

  3. Click Add Custom Technique.

  4. Enter a unique name for the custom technique.

  5. Select relevant tactics from the drop-down.

  6. To define the layer in which the custom technique appears, select a layer.

    By default, all custom techniques are added to the Custom Base Layer.

  7. To add additional information about the custom technique, enter the following relevant metadata fields:

    • Enter the relevant description.

    • Select the platforms, such as Azure AD, Windows, SaaS, and more.

    • Select the data sources, such as Scheduled Job: Scheduled Job Creation, Process: Process Access, and more.

    • Select the defense bypassed.

    • Select the software, such as Cobalt Strike, Empire, and more.

    • Select the mitigations, such as Privileged Account Management, User Account Management, and more.

  8. To provide a webpage or a URL from where the technique came into existence, enter a reference URL.

    You can add multiple reference URLs.

  9. Click Save.

    The custom technique appears with a C under the selected tactics.