4.1 MITRE ATT&CK Dashboards

Content in a MITRE dashboard depends on the widgets that it displays, as well as the dashboard’s specified time range.

4.1.1 MITRE ATT&CK Overview

The MITRE ATT&CK Overview dashboard provides a view of MITRE ATT&CK events forwarded to Recon from ArcSight ESM. This dashboard includes the following charts:

Top 10 Destination Hostnames

Provides a list of the Top 10 destination host names of MITRE ATT&CK events.

Top 10 Source Hostnames

Provides a list of the Top 10 source host names of MITRE ATT&CK events.

MITRE IDs by Destination Hosts

Indicates whether a destination host is involved in one to three MITRE IDs. The size of each solid oval in the chart is an approximate graphical representation of the count of the MITRE IDs. To get the actual count, move your cursor over the oval.

Source Hosts by MITRE IDs

Indicates whether the same MITRE ID is involved in one to three source host names. The color of each solid oval in the chart, when compared to the legend, indicates the count for the host name shown in the oval. To get the actual count, move your cursor over the oval.

Top Destination IPs

Provides the Top 10 destination IP addresses related to a MITRE ID. The donut chart represents the number of times an IP address was the destination of a MITRE ID: the larger the area, the higher the count. The legend is not sorted by count.

Top Source IPs

Provides the Top 10 source IP addresses related to a MITRE ID. The pie chart is evenly distributed by size among the IP addresses. The count is indicated by the color of the pie piece.

Destination Usernames by MITRE ID

Shows whether one or two destination user names are involved in the same MITRE ID.

MITRE IDs by Source Username

Shows the usernames involved with a MITRE ID (up to 10).

4.1.2 Evaluation Techniques and Tactics Summary

The Summations of the Evaluation Techniques and Tactics dashboard shows the total detection count by techniques and tactics. This dashboard includes the following bar charts:

Total Technique by Tactic

Displays the top tactics.

Total Techniques by ID

Displays the top technique IDs (up to 30).

Total Technique IDs by MITRE Name

Displays the top MITRE names (up to 20).

Total Techniques IDs by Event Name

Displays the top technique event names (up to 20).