This application provides compliance and triage dashboards for the MITRE ATT&CK Framework with drill-down capabilities. We recommend using it with Splunk Enterprise Security and [Splunk ES Content Update](https://splunkbase.splunk.com/app/3449/); however, starting with version 2.3.0, non-ES (Enterprise Security App) deployments are also supported through [Alert Manager](https://splunkbase.splunk.com/app/2665/) integration.
One of the following applications is required:
For one of the views:
Note: Although the app will work without ES Content Update, it is highly recommended, since it ships with many correlation rules that already carry `mitre_attack` annotations.
This application comes with predefined saved searches. The Lookup Gen searches are scheduled to run daily after midnight.
`mitre_all_rule_technique_lookup.csv` in order to generate a new lookup that properly displays the MITRE ATT&CK Compliance matrix.
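The lookup behind the compliance matrix is, in essence, a flattening of each correlation rule's `mitre_attack` annotation into one rule/technique row, with a per-technique count giving each matrix cell. The following is an added example written for this page, not the app's own Lookup Gen search or code: it assumes the ES convention of storing annotations as JSON in `action.correlationsearch.annotations` inside `savedsearches.conf`, uses constructed rule names and stanzas, and shows why a rule with no `mitre_attack` annotation contributes nothing to the matrix (the reason the note above recommends ES Content Update).

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample, not data from the app: savedsearches.conf-style stanzas in the
# shape ES uses for correlation search annotations (assumed here: JSON stored in
# action.correlationsearch.annotations). Rule names are made up for this example.
SAMPLE_SAVEDSEARCHES = """\
[Example - Remote Service Execution - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.annotations = {"mitre_attack": ["T1021.002", "T1569.002"]}

[Example - Shadow Copy Credential Access - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.annotations = {"mitre_attack": ["T1003.003"]}

[Example - Scheduled Task Persistence - Rule]
action.correlationsearch.enabled = 0
action.correlationsearch.annotations = {"mitre_attack": ["T1053.005"], "cis20": ["CIS 8"]}

[Example - No Annotation - Rule]
action.correlationsearch.enabled = 1
"""


def parse_savedsearches(text):
    """Parse conf-style stanzas into {stanza_name: {key: value}}; blank and comment lines are skipped."""
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def rule_technique_rows(stanzas):
    """Emit one {rule, technique_id, enabled} row per technique listed in a rule's mitre_attack annotation.

    Rules with no annotation (or a malformed one) yield no rows, so they never light up a matrix cell.
    """
    rows = []
    for name, keys in stanzas.items():
        raw = keys.get("action.correlationsearch.annotations")
        if not raw:
            continue
        try:
            annotations = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip a malformed annotation instead of failing the whole lookup generation
        enabled = keys.get("action.correlationsearch.enabled", "0") == "1"
        for technique in annotations.get("mitre_attack", []):
            rows.append({"rule": name, "technique_id": technique, "enabled": int(enabled)})
    return rows


def lookup_csv(rows):
    """Render the rows as the CSV text a lookup file would hold (assumed column names)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["rule", "technique_id", "enabled"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def coverage_by_technique(rows):
    """Count rules per technique, split by enabled state: the numbers a compliance matrix cell shows."""
    cov = defaultdict(lambda: {"total": 0, "enabled": 0})
    for r in rows:
        cov[r["technique_id"]]["total"] += 1
        cov[r["technique_id"]]["enabled"] += r["enabled"]
    return dict(cov)


if __name__ == "__main__":
    rows = rule_technique_rows(parse_savedsearches(SAMPLE_SAVEDSEARCHES))
    print(lookup_csv(rows))
    for tid, c in sorted(coverage_by_technique(rows).items()):
        print(tid, c)
```

Tracking the `enabled` flag separately from `total` is the check worth keeping: a technique covered only by disabled rules looks green in a naive count but provides no detection, so the matrix should distinguish the two.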