Feb 27 2020 03:03 AM - last edited on Apr 08 2022 10:18 AM by TechCommunityAP
Hi Team,
Could you provide me the table/column name where MITRE Tactic is stored in Log Analytics Workspace?
I wanted to create a dashboard to map the MITRE Tactic and security incidents.
Kindly help.
Feb 27 2020 09:30 AM
I don't believe we do. I think it may be available via the Sentinel API call though - more details from the API are planned to go into Log Analytics in the future.
In the meantime you could add the Tactic as a comment to the query, so that it appears in ExtendedProperties?
SecurityAlert
| where ProviderName == "ASI Scheduled Alerts"
| where ExtendedProperties contains "Query"
//| search "Tactic"
e.g. I used "This only happens" as a string to illustrate the method
You could then use an extend to put the tactic in its own column?
Thanks
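
An added example, not part of the original reply, showing how the suggested extend step could feed a dashboard tile. It assumes each rule query carries a comment of the form `// Tactic: <name>` (a convention made up here) and that ExtendedProperties is a JSON string with a `Query` key, as the reply's filter implies; the rows in `SampleAlerts` are constructed.

```kusto
// Constructed sample rows standing in for SecurityAlert.
// In a real workspace, replace SampleAlerts below with SecurityAlert.
let SampleAlerts = datatable(TimeGenerated:datetime, AlertName:string,
                             ProviderName:string, ExtendedProperties:string)
[
    datetime(2020-02-27 08:00:00), "New local account", "ASI Scheduled Alerts",
        @'{"Query":"// Tactic: Persistence\nSecurityEvent | where EventID == 4720"}',
    datetime(2020-02-27 08:05:00), "Many failed logons", "ASI Scheduled Alerts",
        @'{"Query":"// Tactic: Credential Access\nSecurityEvent | where EventID == 4625"}',
    datetime(2020-02-27 08:10:00), "Account created again", "ASI Scheduled Alerts",
        @'{"Query":"// Tactic: Persistence\nSecurityEvent | where EventID == 4720"}',
    datetime(2020-02-27 08:15:00), "Rule without a tag", "ASI Scheduled Alerts",
        @'{"Query":"Heartbeat | take 1"}'
];
SampleAlerts
| where ProviderName == "ASI Scheduled Alerts"
| where ExtendedProperties contains "Query"
// Pull the rule's query text out of the JSON property bag.
| extend RuleQuery = tostring(parse_json(ExtendedProperties).Query)
// Capture the tactic name from the assumed "// Tactic: <name>" comment.
| extend Tactic = extract(@"//\s*Tactic:\s*([A-Za-z]+(?: [A-Za-z]+)*)", 1, RuleQuery)
// Keep untagged rules visible so missing comments are easy to spot and fix.
| extend Tactic = iff(isempty(Tactic), "Untagged", Tactic)
| summarize Alerts = count() by Tactic
| order by Alerts desc
```

The "Untagged" bucket doubles as a coverage check: any rule landing there is missing its tactic comment and will not map on the dashboard.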