StrangeBeeCorp / TheHive-feedback

TheHive 5 feedback repository
https://www.strangebee.com/thehive

[Feature Request] Incorporate MITRE map or json export for selected TTPs in a case #8

Open aacgood opened 2 years ago

aacgood commented 2 years ago

Request Type

Feature Request

Feature Description

Within a case, for whatever TTPs are added to an incident, include a heatmap output for the MITRE ATT&CK framework so that you can see at a glance what areas of the framework are touched within an incident.

Alternatively, output a json file so that it can be manually added via the Attack Navigator.

The feature could possibly be added into a dashboard so that any TTPs seen over all cases in a selected timeframe could be overlaid in a heatmap, giving a SOC Manager visibility / reportability into what areas they are being targeted the most. Creating a heatmap in the Attack Navigator is possible to construct via json.

Complementary information


vdebergue commented 2 years ago

Hello, thank you for the feedback.

Integrating the navigator in TheHive UI seems a bit too complex at the moment but creating a json layer file seems doable. We could first include it for a single case and then add the ability to generate the layer from multiple cases to get the heatmap.

For reference, Mitre uses some python scripts to generate the json layers: https://github.com/mitre-attack/attack-scripts/tree/master/scripts/layers/samples

I will add this feature on the roadmap; it may be available in 5.2 (5.1 is almost ready, so a bit late to include this feature there).
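The layer generation both comments describe, as an added example that is not TheHive's code or one of Mitre's scripts: it counts how many cases each technique appears in, emits an ATT&CK Navigator layer with that count as the heatmap score, and rejects tags that are not technique IDs. The case data is constructed, and the version strings in `versions` are an assumption to be matched to the Navigator release in use.

```python
import json
import re
from collections import Counter

# Constructed sample (not real TheHive data): case name -> technique IDs
# attached to that case. "not-a-ttp" stands in for a mistyped tag.
CASES = {
    "CASE-1 phishing with macro": ["T1566.001", "T1204.002", "T1059.001"],
    "CASE-2 credential dumping": ["T1003.001", "T1059.001", "T1078"],
    "CASE-3 ransomware": ["T1486", "T1059.001", "T1566.001", "not-a-ttp"],
}
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")  # T1234 or T1234.001


def count_techniques(cases):
    """Count the cases referencing each valid technique; return (counts, rejected tags)."""
    counts, rejected = Counter(), []
    for case_name, ttps in cases.items():
        for ttp in set(ttps):  # a technique counts once per case
            if TECHNIQUE_ID.match(ttp):
                counts[ttp] += 1
            else:
                rejected.append((case_name, ttp))
    return counts, rejected


def build_layer(cases, name="TheHive cases heatmap"):
    """Build a Navigator layer dict whose score per technique is the case count."""
    counts, _ = count_techniques(cases)
    # parents of any scored sub-technique must be expanded or the heat stays hidden
    parents = {t.split(".")[0] for t in counts if "." in t}
    techniques = [
        {"techniqueID": tid, "score": score, "enabled": True,
         "comment": f"seen in {score} case(s)", "showSubtechniques": tid in parents}
        for tid, score in sorted(counts.items())
    ]
    for parent in parents - set(counts):  # parent never tagged itself: entry only to expand it
        techniques.append({"techniqueID": parent, "enabled": True, "showSubtechniques": True})
    return {
        "name": name,
        # assumption: version strings must match the Navigator release you import into
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques observed across the selected cases; score = number of cases",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0,
                     "maxValue": max(counts.values(), default=1)},
    }

if __name__ == "__main__":
    print(json.dumps(build_layer(CASES), indent=2))  # save as .json, open in Navigator
```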