Column Name for MITRE Tactic in Log Analytics Workspace

Question

Hi Team,&nbsp;&nbsp;Could you provide me the table/column name where&nbsp;MITRE Tactic is stored in&nbsp;Log Analytics Workspace&nbsp;I wanted to created a dashboard to map the&nbsp;MITRE Tactic and security incidents.&nbsp;Kindly help&nbsp;@Clive&nbsp;Watson&nbsp;(@Clive Watson)@Noa&nbsp;Kuperberg&nbsp;(@Noa Kuperberg)&nbsp;

clivewatson · Answer

kmanish&nbsp;
&nbsp;
I don't believe we do, I think it maybe available via the Sentinel api call though - more details from the api are planned to go into Log Analytics in the future.&nbsp; &nbsp;
&nbsp;
In the meantime you could add the Tactic as a comment to the query, so that it appears in ExtendedProperties?
&nbsp;
SecurityAlert
| where ProviderName == "ASI Scheduled Alerts" 
| where ExtendedProperties contains "Query"
//| search "Tactic"
e.g. I used "This only happens" as a string to illustrate the method
&nbsp;
&nbsp;
You could then use a extend to put the tactic in its own column?
&nbsp;
Thanks&nbsp;

Forum Discussion

Column Name for MITRE Tactic in Log Analytics Workspace

1 Reply

Resources