Group by MITRE Tactics and Techniques

The Group By field in the Vulnerabilities tab allows you to categorize data based on your criteria. From the Group By drop-down menu, you can group the data by Mitre Attack Tactic Name, Mitre Attack Tactic, or Mitre Attack Technique Name. The following screenshot is an example of the Group By field that lists all three MITRE Group By options:

Group By for Mitre Attack Tactic Name

Select the Mitre Attack Tactic Name to retrieve a list of all Tactic Names and their associated Tactic IDs for the total detections. The following screenshot highlights the Mitre Attack Tactic IDs, Names, and the Detection Count for each Tactic Name:

After generating the list, click on the Detection Count of a Tactic Name to view the associated QIDs. For example, clicking the Lateral Movement Tactic Detection Count displays a list of QIDs associated with the Lateral Movement Tactic Name and its related query in the Vulnerabilities query search bar. Refer to the following screenshot for reference: 

Group By for Mitre Attack Tactic

From the Mitre Attack Tactic, select the Mitre Attack Technique Name to retrieve a list of all Technique Names and their associated Technique IDs for the total detections of the Tactic. The following screenshot highlights the Mitre Attack Technique IDs, Names, and the Detection Count for each Tactic:

After generating the list, click on the Detection Count of a Technique Name to view the associated QIDs. For example, clicking the Exploit Public Facing Application Detection Count displays a list of QIDs associated with this Technique Name, and the related Tactic ID and Technique ID query appears in the Vulnerabilities query search bar. Refer to the following screenshot for reference:

Group By for Technique Name

Select the Mitre Attack Technique Name to retrieve a list of all Technique Names and their associated Technique IDs for the total detections. The following screenshot highlights the Mitre Attack Technique IDs, Names, and the Detection Count for each Technique Name:

After generating the list, click on the Detection Count of a Technique Name to view the associated QIDs. For example, clicking the Exploitation of Remote Services Detection Count displays a list of QIDs associated with this Technique Name and its related query in the Vulnerabilities query search bar. Refer to the following screenshot for reference: