Custom Visualizations give you new interactive ways to visualize your data during search and investigation, and to better communicate results in dashboards and reports. After installing this app youll find a MITRE ATT&CK Heatmap diagram as an additional item in the visualization picker in Search and Dashboard.
This app uses ATT&CK v15.1 and D3FEND v0.15.0. For more information visit https://attack.mitre.org/resources/versions/ and https://d3fend.mitre.org/resources/
| table <att&ck_technique_id> <numerical_value> [description]
OR
| stats <aggregation> by <att&ck_technique_id>
The visualization requires at least 2 fields to be present within the search output, with an optional third:
1. att&ck_technique_id: The ID of a MITRE ATT&CK Technique (e.g. T0001)
2. numerical_value / aggregation: A numerical value or aggregation to associate with the technique (e.g. count, sum, average)
3. (Optional) description: An optional description to associate with the technique, to display within a tooltop on mouse hover.
| stats count AS "Detection Count" first(description) as description by id
| table id "Detection Count" description
$row.mtr_sub-technique_id$$row.mtr_technique_id$$row.mtr_tactic_id$$row.mtr_sub-technique_name$$row.mtr_technique_name$$row.mtr_tactic_name$$row.mtr_sub-technique_value$$row.mtr_technique_value$$row.mtr_tactic_value$If any of the above values are not defined, the associated token is unset.
This app is currently unsupported for Internet Explorer. Please report issues to https://github.com/alatif113/mitre_attck_heatmap/issues
Both MITRE ATT&CK<sup>®</sup> and ATT&CK<sup>®</sup> are registered trademarks of The MITRE Corporation.
The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use ATT&CK Evaluations for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.
"(C) 2018 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation."
DISCLAIMERS
MITRE does not claim ATT&CK enumerates all possibilities for the types of actions and behaviors documented as part of its adversary model and framework of techniques. Using the information contained within ATT&CK to address or cover full categories of techniques will not guarantee full defensive coverage as there may be undisclosed techniques or variations on existing techniques not documented by ATT&CK.
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.