Overview
This application provides compliance and triage dashboards for the MITRE ATT&CK Framework, fully integrated with Splunk Enterprise Security and Splunk ES Content Update, with drill-down capabilities.
Required Splunk Apps:
- Splunk Enterprise 7.x or above
- Splunk Enterprise Security 5.2 or above
- Splunk ES Content Update 1.0.40 or above
Setup Instructions
Upon initial installation you may need to manually run the "MITRE Compliance Lookup Gen" saved search/report in order to populate the lookup table.
Saved Searches
This application comes with a predefined saved search (MITRE Compliance Lookup Gen) which checks the currently enabled correlation rules via their analytic stories and creates a lookup file that maps them to MITRE ATT&CK Framework techniques for compliance. By default this search is scheduled to run at midnight every day to populate the lookup table.
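As an added illustration (not the app's own saved search or code), the following Python sketch shows what the lookup generation does: read the correlation rules, keep only the enabled ones, follow their analytic-story and technique annotations, and emit the compliance lookup rows. The savedsearches.conf sample, the technique list and the action.escu.* annotation key names are constructed assumptions.

```python
import configparser
import csv
import io
import json

# Constructed sample in the shape of an ES Content Update savedsearches.conf;
# the action.escu.* annotation keys are assumed names, not taken from the app.
SAMPLE_CONF = """
[ESCU - Sample PsExec Rule - Rule]
disabled = 0
action.escu.analytic_story = ["Lateral Movement"]
action.escu.mitre_attack_id = ["T1021.002", "T1569.002"]

[ESCU - Sample Scheduled Task Rule - Rule]
disabled = 1
action.escu.analytic_story = ["Scheduled Tasks"]
action.escu.mitre_attack_id = ["T1053.005"]

[ESCU - Sample Unannotated Rule - Rule]
action.escu.analytic_story = ["Malicious Processes"]
"""

# Constructed technique universe the compliance dashboard reports against.
TECHNIQUES = ["T1021.002", "T1053.005", "T1569.002", "T1059.001"]


def enabled_rules(conf_text):
    """Yield (rule name, analytic stories, technique ids) for enabled rules only."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    for name in cp.sections():
        sec = cp[name]
        if sec.get("disabled", "0").strip() == "1":
            continue  # a disabled correlation rule contributes no coverage
        stories = json.loads(sec.get("action.escu.analytic_story", "[]"))
        ids = json.loads(sec.get("action.escu.mitre_attack_id", "[]"))
        yield name, stories, ids


def build_compliance_lookup(conf_text, techniques):
    """Map every technique to the enabled rules/stories covering it (or 'Not Covered')."""
    covered = {}
    for name, stories, ids in enabled_rules(conf_text):
        for tid in ids:
            covered.setdefault(tid, []).append((name, "; ".join(stories)))
    rows = []
    for tid in techniques:
        for rule, story in covered.get(tid, [("", "")]):
            status = "Covered" if rule else "Not Covered"
            rows.append({"technique": tid, "analytic_story": story,
                         "rule": rule, "compliance": status})
    return rows


def lookup_csv(rows):
    """Serialise the rows as the CSV a Splunk lookup file would hold."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["technique", "analytic_story", "rule", "compliance"])
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()
```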
Quick Links
Release Notes: This section provides details on system requirements and how to install and run MITRE ATT&CK App for Splunk in production environments.
Using MITRE ATT&CK App: This guide provides information on how to use MITRE ATT&CK App for Splunk.
Release Notes: This section provides details on release notes.