Forum Discussion
Column Name for MITRE Tactic in Log Analytics Workspace
Hi Team, Could you provide me the table/column name where MITRE Tactic is stored in Log Analytics Workspace I wanted to created a dashboard to map the MITRE Tactic and security incidents. ...
I don't believe we do, I think it maybe available via the Sentinel api call though - more details from the api are planned to go into Log Analytics in the future.
In the meantime you could add the Tactic as a comment to the query, so that it appears in ExtendedProperties?
SecurityAlert
| where ProviderName == "ASI Scheduled Alerts"
| where ExtendedProperties contains "Query"
//| search "Tactic"e.g. I used "This only happens" as a string to illustrate the method
You could then use a extend to put the tactic in its own column?
Thanks