Add a Custom Technique
CTIX enables you to add a custom technique to track and monitor the attack patterns that are not a part of existing MITRE techniques.
To add a custom technique, do the following:
From Main Menu, select ATT&CK Navigator under Analysis.
Select either the Custom Base Layer or an existing layer.
Click Add Custom Technique.
Enter a unique name for the custom technique.
Select relevant tactics from the drop-down.
To define the layer in which the custom technique appears, select a layer.
By default, all custom techniques are added to the Custom Base Layer.
To add additional information about the custom technique, enter the following relevant metadata fields:
Enter the relevant description.
Select the platforms, such as Azure AD, Windows, SaaS, and more.
Select the data sources, such as Scheduled Job: Scheduled Job Creation, Process: Process Access, and more.
Select the defense bypassed.
Select the software, such as Cobalt Strike, Empire, and more.
Select the mitigations, such as Privileged Account Management, User Account Management, and more.
To provide a webpage or a URL from where the technique came into existence, enter a reference URL.
You can add multiple reference URLs.
Click Save.
The custom technique appears with a C under the selected tactics.