In the mitre_attack_overview.xml view (under "Drilldowns > MITRE ATT&CK" from the menu), clicking on a "process_path" cell redirects to the file_create_drilldown.xml view, with an empty list. This is due to the fact that the process_path field is incorrectly escaped. The Windows path should replace every \ with \\ to work. Manually doing the replacement for the path and refreshing the view works.
In the
mitre_attack_overview.xml
view (under "Drilldowns > MITRE ATT&CK" from the menu), clicking on a "process_path" cell redirects to thefile_create_drilldown.xml
view, with an empty list. This is due to the fact that theprocess_path
field is incorrectly escaped. The Windows path should replace every\
with\\
to work. Manually doing the replacement for the path and refreshing the view works.