Overview
The TTPs (Tactics, Techniques, and Procedures) tab provides a comprehensive view of the MITRE ATT&CK techniques and tactics associated with an alert, helping analysts understand and document adversary behavior.
MITRE ATT&CK Integration
Framework Overview
Enterprise ATT&CK Matrix
Mobile ATT&CK Matrix
ICS ATT&CK Matrix
Pre-ATT&CK Tactics
Mapping Capabilities
Technique selection
Sub-technique support
Tactic categorization
Confidence scoring
Managing TTPs
Adding Techniques
Browse or search ATT&CK matrix
Select relevant technique
Choose sub-techniques if applicable
Set confidence level
Add supporting evidence
Bulk Operations
Import technique list
Export TTP mapping
Bulk update confidence
Remove multiple techniques
TTP Properties
Technique ID
Technique name
Sub-technique details
Confidence level
Supporting evidence
Detection status
Mitigation status
Documentation
Evidence Collection
Observable links
Screenshot attachments
Log excerpts
Analysis notes
Procedure Details
Implementation specifics
Tool usage
Command syntax
Execution timeline
Analysis Features
Pattern Recognition
Common technique combinations
Campaign correlation
Actor attribution
Similar incidents
Impact Assessment
Technique severity
Asset scope
Business impact
Risk scoring
Visualization
Matrix View
ATT&CK matrix navigation
Technique highlighting
Sub-technique expansion
Coverage mapping
Timeline View
Technique execution order
Time-based correlation
Pattern identification
Campaign tracking
Best Practices
Technique Mapping
Verify technique matches
Document evidence clearly
Set appropriate confidence
Link to observables
Documentation
Detail procedure specifics
Include context
Reference sources
Update findings
Analysis
Look for patterns
Compare with known actors
Assess impact
Plan mitigations
Next Steps