Content in a MITRE dashboard depends on the widgets that it displays, as well as the dashboard’s specified time range.
The MITRE ATT&CK Overview dashboard provides a view of MITRE ATT&CK events forwarded to Recon from ArcSight ESM. This dashboard includes the following charts:
Provides a list of the Top 10 destination host names of MITRE ATT&CK events.
Provides a list of the Top 10 source host names of MITRE ATT&CK events.
Indicates whether a destination host is involved in one to three MITRE IDs. The size of the solid ovals in the chart is an approximate graphical representation of the count of the MITRE IDs. To get the actual count, move your cursor over the oval.
Indicates whether the same MITRE ID is involved in one to three source host names. The color of the solid ovals in the chart indicates the count for the host name shown in the oval when compared to the legend. To get the actual count, move your cursor over the oval.
Provides the Top 10 destination IP addresses related to a MITRE ID. The donut chart represents the number of times an IP address was the destination of a MITRE ID: the larger the area, the higher the count. The legend is not sorted by count.
Provides the Top 10 source IP addresses related to a MITRE ID. The pie chart is evenly distributed by size among the IP addresses. The count is indicated by the color of the pie piece.
Shows whether one or two destination user names are involved in the same MITRE ID.
Shows the usernames involved with a MITRE ID (up to 10).
The Summations of the Evaluation Techniques and Tactics dashboard shows the total detection count by techniques and tactics. This dashboard includes the following bar charts:
Displays the top tactics.
Displays the top technique IDs (up to 30).
Displays the top MITRE names (up to 20).
Displays the top technique event names (up to 20).