Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Visualizing MITRE Tactic and Technique Coverage in Your Environment

If you want to filter by MITRE ATT&CK tactics, you must first map your rules to MITRE tactics and techniques. For more information, see Editing MITRE Mappings in a Rule or Building Block.

Visualize the coverage of MITRE ATT&CK tactics and techniques that the rules provide in IBM QRadar. After you organize the rule report, you can visualize the data through diagrams and heat maps and export the data to share with others.

  1. To see the levels of MITRE ATT&CK technique coverage, ATT&CK Actions > Coverage map and report in the upper right of the visualization pane.
  2. Scroll through the heat map visualization to see the different techniques that are covered by QRadar Use Case Manager.
  3. To see only the mappings for rules that are currently in the coverage map and report, set Rules in the report to On. Click any section in the heat map and then click Apply to update the filtered list in the table report.
  4. Close the report visualization to return to the dashboard.