cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Column Name for MITRE Tactic in Log Analytics Workspace

kmanish
Copper Contributor

‎Feb 27 2020 03:03 AM - last edited on ‎Apr 08 2022 10:18 AM by

‎Feb 27 2020 03:03 AM - last edited on ‎Apr 08 2022 10:18 AM by

Column Name for MITRE Tactic in Log Analytics Workspace

Hi Team, 

 

Could you provide me the table/column name where MITRE Tactic is stored in Log Analytics Workspace

 

I wanted to created a dashboard to map the MITRE Tactic and security incidents.

 

Kindly help

 

741 Views
0 Likes
1 Reply
Reply
1 Reply
CliveWatson

‎Feb 27 2020 09:30 AM

‎Feb 27 2020 09:30 AM

Re: Column Name for MITRE Tactic in Log Analytics Workspace

@kmanish 

 

I don't believe we do, I think it maybe available via the Sentinel api call though - more details from the api are planned to go into Log Analytics in the future.   

 

In the meantime you could add the Tactic as a comment to the query, so that it appears in ExtendedProperties?

 

SecurityAlert
| where ProviderName == "ASI Scheduled Alerts" 
| where ExtendedProperties contains "Query"
//| search "Tactic"

e.g. I used "This only happens" as a string to illustrate the method

 Annotation 2020-02-27 172839.jpg

 

You could then use a extend to put the tactic in its own column?

 

Thanks 

0 Likes
Reply