Jul 13 2021 11:27 AM
Hi all
I am wondering, before I start work on it, whether anyone has built or is looking to build MITRE framework correlation of Tactics and Techniques from Sentinel into SIR ServiceNow. I can see how it is possible to map out the Tactics that flow through into Sentinel; however, the Techniques sit behind them, such as phishing (Technique), which sits behind Initial Access (Tactic). I want to be able to do this just at that high level so that it hits and correlates to the Category and Sub-Category in SIR ServiceNow. I can see how the MITRE workbook looks up against the populating GitHub page - but trying to populate the techniques looks to be slightly more complicated, with initial thoughts being a lookup against something - pull the rule name and cross-link that. Any thoughts or ideas always welcome. Thanks
Jul 14 2021 12:53 AM
Solution Jul 14 2021 01:18 AM