ATTACK Navigator
The MITRE ATT&CK Navigator is a web-based tool for annotating and exploring ATT&CK matrices. It can be used to visualize defensive coverage, red/blue team planning, the frequency of detected techniques, and more. In the Navigator, tactics represent the strategies that threat actors use, whereas techniques define how those strategies are achieved.
Intel Exchange integrates the MITRE ATT&CK Navigator framework and supports the tactics and techniques for ATT&CK metrics such as Enterprise and Mobile. It enables security teams and analysts to visualize, track, and create adversaries' footprints and map them to specific tactics and techniques.
Intel Exchange also offers a Custom Base Layer that integrates the MITRE ATT&CK Navigator framework and allows analysts to add custom techniques to visualize, track, and create attack patterns that are not part of the existing techniques.
As an analyst, you can use the ATT&CK Navigator to do the following:
- Map relevant indicators, malware, incidents, and Intel Exchange threat actors with MITRE's tactics and techniques.
- Add custom techniques to the Custom Base Layer and other layers.
- Clone the MITRE or Custom Base Layer with tailored techniques and sub-techniques, or custom techniques respectively.
- Identify trends across the cyber kill chain and associate them with the reported threat actors.
- View detailed information about the techniques.
The following table shows the elements of the ATT&CK Navigator:
Navigator Element | Description |
---|---|
Metrics | Choose between the Enterprise and Mobile ATT&CK metrics to select the domain in which you want to look for the techniques that impact the corresponding assets. |
Filters | Filter techniques based on feed sources of IOCs, system created date, system modified date, platforms, MITRE threat actors, software, log data sources, and mitigation. You cannot filter sub-techniques by applying the filters. |
Search | Search a technique or a sub-technique by name or ID. |
Heatmap | View the color-coded representation of the threat data objects that are associated with a technique or sub-technique. The colors indicate how frequently objects use a technique, with red being the most used and green being the least used. |
Count by | Show the number of indicators, malware, and threat actors associated with the techniques. You can further sort the techniques and sub-techniques in ascending or descending order. Intel Exchange updates the count of objects of a technique every 15 minutes. |
Expand Sub-Techniques | Expand and collapse the sub-techniques. |
Add Custom Technique | Add a custom technique to the Custom Base Layer and other layers. By default, all custom techniques are added to the Custom Base Layer. |
Before you Start
Ensure that you have View, Create & Update ATT&CK Navigator permissions.