alatif113
commented
2 months ago You need to provide the techniques via the output of your search.
For example, think of what your search output looks like when you call a bar chart visualization using a | stats count by field. Something like this:
| field | count |
|---|---|
| Value A | 10 |
| Value B | 20 |
| Value C | 24 |
Similarly, for this visualization you need at least 2 output columns, with an optional 3rd.
| technique | some number | description (optional) |
|---|---|---|
| T1234 | 10 | optional description A |
| T5678 | 20 | optional description B |
| T3456 | 24 | optional description C |
Without the optional description column, the output should look like:
| technique | some number |
|---|---|
| T1234 | 10 |
| T5678 | 20 |
| T3456 | 24 |
The column/field names don't matter as long as:
- The first column is a valid MITRE technique ID
- The second column is some number e.g., count, sum, average
Just as if you were using a bar chart visualization, you need to provide the data (in this case the technique ID and some number associated with that ID) via the output of your search. Hope this helps.
Hello, There is a lack of documentation to get techniques to populate on the heatmap, is there a way you can make a guide on how to use? There is some syntax that is on the readme but it's not very intuitive