MITRE ATT&CK Navigator Operation
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
| Current Integration Version | 1.0.2 |
| Compatible with ThreatQ Versions | >= 4.30.0 |
| Support Tier | ThreatQ Supported |
Introduction
The MITRE ATT&CK Navigator Operation for ThreatQ allows an analyst to export an Adversary, and its related Attack Patterns, for use in the MITRE ATT&CK Navigator.
The operation provides the following action:
- Generate Layer - export Adversary and related Attack Patterns as JSON following the MITRE ATT&CK Navigator 4.2 specification.
The operation is compatible with the following system objects:
- Adversaries
- Campaigns
- Events
- Malware
- Reports
- Tools
Installation
This integration can be installed in the My Integration section of your ThreatQ instance. See the Adding an Integration topic for more details.
Configuration
ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.
To configure the integration:
- Navigate to your integrations management page in ThreatQ.
- Select the Operation option from the Type dropdown (optional).
- Click on the integration entry to open its details page.
-
Review any additional settings, make any changes if needed, and click on Save. - Click on the toggle switch, located above the Additional Information section, to enable it.
Actions
The operation provides the following action:
| Action | Description | Object Type | Object Subtype |
|---|---|---|---|
| Generate Layer | Export Adversary and related Attack Patterns as JSON following the MITRE ATTACK Navigator 4.2 specification. | Adversaries, Events, Tools, Malware, Campaigns | N/A |
Generate Layer
The Generate Layer action exports Adversary and related Attack Patterns as JSON following the MITRE ATTACK Navigator 4.2 specification.
Action Parameters
The following configuration parameters are available for this action:
| Parameter | description |
|---|---|
| Layer Name | Name for this layer. If left blank, the name will be the object's value. |
| Description | Description for the layer. |
| Use the description in ThreatQ instead of the providing one | Use the checkbox to enable/disable this option. |
| MITRE Domain | Select the MITRE Domain for the layer. Options include Enterprise and Mobile. |
| Show techniques by default in Navigator | Use the checkbox to enable/disable this option. |
| Include object attributes as metadata | Use the checkbox to enable/disable this option. |
| Use the attribute 'MITRE Navigator Score' as the Attack Pattern score | If enabled, the value of the Attack Pattern's attribute MITRE Navigator Score is used to color the technique. |
Change Log
- Version 1.0.2
- Added the Run Parameter, Use the attribute 'MITRE Navigator Score' as the Attack Pattern score, to set a score for each Attack Pattern.
- Version 1.0.1
- The operation is now compatible with Tools and Events object types.
- Version 1.0.0
- Initial release
PDF Guides
| Document | ThreatQ Version |
|---|---|
| MITRE ATT&CK Operation v1.0.2 | 4.30 or Greater |
| MITRE ATT&CK Operation v1.0.1 | 4.30 or Greater |
| MITRE ATT&CK Operation v1.0.0 | 4.30 or Greater |