This application (https://splunkbase.splunk.com/app/4617/) provides compliance and triage dashboards for the MITRE ATT&CK Framework, with drill-down capabilities, that are fully integrated with Splunk Enterprise Security (https://splunkbase.splunk.com/app/263/) and Splunk ES Content Update (https://splunkbase.splunk.com/app/3449/).
Note: Although the app will work without ES Content Update, it is highly recommended, since it ships with many correlation rules that already carry mitre_attack annotations.
This application comes with predefined saved searches. Lookup Gen searches are scheduled to run daily after midnight.
mitre_all_rule_technique_lookup.csv in order to generate a new lookup to properly display the MITRE ATT&CK Compliance matrix.
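As an added illustration (not the app's own Lookup Gen search), the SPL below shows how a rule-to-technique lookup of this shape can be built from the mitre_attack annotations that Enterprise Security stores on correlation searches. It assumes the ES field names action.correlationsearch.enabled and action.correlationsearch.annotations (a JSON string such as {"mitre_attack":["T1059","T1059.001"]}) and a lookup file named mitre_all_rule_technique_lookup.csv; the output column names are an assumption, not the app's schema.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| search "action.correlationsearch.enabled"=1
| spath input="action.correlationsearch.annotations" path="mitre_attack{}" output=technique
| mvexpand technique
| where isnotnull(technique)
| rename title AS rule, disabled AS rule_disabled
| table rule rule_disabled technique
| dedup rule technique
| outputlookup mitre_all_rule_technique_lookup.csv
```

Filtering on disabled=0 before the outputlookup (the example keeps rule_disabled as a column instead) would make the matrix reflect only rules that can actually fire, which is the coverage a defender usually wants to see.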