Administration Guide

MITRE ATT&CK

MITRE ATT&CK is a knowledge base of threat behaviors relied upon by security professionals worldwide. The Network Insights > MITRE ATT&CK page tracks the number of events that occurred for each MITRE ATT&CK tactic category.

The dashboard displays detections by behavior (behavioral and non-behavioral) and by technique (primary and secondary).

  • The Primary technique is what is used to detect the behavior.
  • The Secondary technique is not always related to what is seen on the network, but is related to the threat in general. The secondary technique will not be displayed in some instances.

The column headers in the MITRE ATT&CK page are tactics, and the tiles within these columns are the relevant techniques.

To view the secondary technique, click the vertical bars at the right side of the tile.

Event handler coverage

When Show All is selected, each MITRE ATT&CK technique with FortiNDR coverage appears as a blue block. When a detection for a MITRE ATT&CK technique has been triggered, the technique block displays a shield icon.

When Show Coverage is selected, the technique blocks with no FortiNDR coverage are hidden so the matrix can fit the page. In this view, dark blue blocks represent the MITRE techniques for which detections were triggered.

Click Download Mitre Coverage to export the data as a CSV file.

MITRE ATT&CK detail

Click a tile in the column to view information about the technique:

Technique ID      The technique ID.
Technique Name    The technique name.
Tactics           The tactic name.
Platforms         The technique platform.
Mitre Version     The MITRE version.
Is Revoked?       True or False.
URL               The link to the MITRE description on https://attack.mitre.org.
Description       The MITRE description.

Click the NDR Anomaly tab to view all the NDR sessions associated with the selected technique.
