Find content with the MITRE ATT&CK-Driven Content Recommendation dashboard
Use MITRE ATT&CK to filter for the Splunk content related to MITRE ATT&CK techniques that are associated with many different threat groups.
Prerequisites
Configure the Data Inventory dashboard and Content Mapping. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Mapping.
Steps
- In Splunk Security Essentials, navigate to Analytics Advisor > MITRE ATT&CK-Driven Content Recommendation.
- In the Categories filter, click the issue category you're concerned with.
- (Optional) Adjust the filters for data availability and popularity.
A list of content recommendations appears based on your filters.