As the MITRE ATT&CK Framework grows rapidly more useful and more widely adopted by security operations teams, we are always looking for ways to make it easier to integrate ATT&CK into investigation workflows. Our existing detection cards offer background information about attack behaviors, including links to MITRE ATT&CK TTPs. That means analysts don't have to search in a separate location or resort to Googling to know the implications of a given detection or to find out where on the Framework a particular detection might have relevance.
With Reveal(x) version 8.1 we're taking the MITRE ATT&CK integration to the next level. Users can now view detections on a visual matrix, mapped to the MITRE ATT&CK Framework, as well as search their environment for detections by MITRE ATT&CK code.
Watch this three-minute video to see how the new feature works, then dive into our free online demo to try it for yourself!