This application provides compliance and triage dashboards for the MITRE ATT&CK framework with drill-down capabilities. It is recommended to use Splunk Enterprise Security together with [Splunk ES Content Update](https://splunkbase.splunk.com/app/3449/); however, starting with version 2.3.0, non-ES deployments are also supported through [Alert Manager](https://splunkbase.splunk.com/app/2665/) integration.

Required Splunk Apps:

Starting with version 2.3.0, deployments without the Enterprise Security (ES) app are supported as well.

One of the following applications is required:

For one of the views:

Note: Although the app works without ES Content Update, it is highly recommended, since it ships many correlation searches that already carry `mitre_attack` annotations; the dashboards are only as complete as the annotations on your correlation searches.
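Correlation searches you write yourself are only picked up by the ATT&CK dashboards if they carry the same `mitre_attack` annotation that the ES Content Update searches have. The stanza below is an added example, not part of this app or of ES Content Update: the stanza name, the search body and the choice of technique T1078 (Valid Accounts, a real ATT&CK technique ID) are illustrative assumptions, and the `action.correlationsearch.annotations` key is the Enterprise Security correlation-search annotation setting (assumed here to be ES 6.0 or later, where annotations were introduced). Place it in a `savedsearches.conf` of an app that ES can read, e.g. `SA-YourContent/local/savedsearches.conf`.

```ini
# Example stanza (constructed for illustration; stanza name and search are hypothetical).
# The MITRE ATT&CK app reads the mitre_attack annotation to place this
# search on its coverage and triage dashboards.
[Example - Logon From Dormant Account - Rule]
# Marks the saved search as an ES correlation search
action.correlationsearch.enabled = 1
action.correlationsearch.label = Logon From Dormant Account
# Annotations are a JSON object; mitre_attack holds ATT&CK technique IDs.
# T1078 = Valid Accounts. kill_chain_phases is optional but ES expects valid names.
action.correlationsearch.annotations = {"mitre_attack": ["T1078"], "kill_chain_phases": ["Exploitation"]}
# Hypothetical search body over the Authentication data model
search = | tstats summariesonly=true count from datamodel=Authentication.Authentication \
  where Authentication.action=success by Authentication.user, Authentication.src \
  | rename Authentication.* as * \
  | search user IN (dormant_accounts) \
  | where count > 0
cron_schedule = */15 * * * *
dispatch.earliest_time = -20m@m
dispatch.latest_time = now
enableSched = 1
# Create a notable event so Alert Manager / ES incident review can triage it
action.notable = 1
action.notable.param.severity = medium
```

To check which correlation searches on the search head carry annotations (and therefore will appear in the dashboards), run `| rest /servicesNS/-/-/saved/searches | search action.correlationsearch.annotations=*mitre_attack* | table title action.correlationsearch.annotations` from the search bar; a search missing from that list will not be counted as ATT&CK coverage.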

Saved Searches

This application comes with predefined saved searches. The lookup-generating ("Lookup Gen") searches that build the dashboard lookups are scheduled to run daily shortly after midnight, so dashboard data reflects the previous day's state until the next run; check the scheduler (Settings > Searches, reports, and alerts) if the dashboards appear stale.

Previous Versions: 2.2.0 | 2.1.0 | 1.3.x | 1.2.x