Mitre COA - MITRE Layout

MITRE ATT&CK - Courses of Action Incident

Details

IDMitre COA - MITRE Layout
Groupincident
Version-1
From Version6.5.0

Layout Structure

Legacy Summary 0 sections

No sections defined.

Incident Info 14 sections

Case Details

Field IDPosition
type Col 0-2, Height: 22
severity Col 0-2, Height: 22
owner Col 0-2, Height: 22
dbotsource Col 0-2, Height: 22
sourcebrand Col 0-2, Height: 22
sourceinstance Col 0-2, Height: 22
playbookid Col 0-2, Height: 22

Notes

Linked Incidents

Child Incidents

Evidence

Team Members

Indicators

Timeline Information

Field IDPosition
occurred Col 0-1, Height: 53
dbotduedate Col 0-2, Height: 53
dbotcreated Col 0-2, Height: 53
dbotmodified Col 0-2, Height: 53
dbotclosed Col 1-2, Height: 53

Closing Information

Field IDPosition
dbotclosed Col 0-2, Height: 22
closereason Col 0-2, Height: 22
closenotes Col 0-2, Height: 22

Techniques to Handle

Handled Techniques

Work Plan

Handled Techniques

This section dynamically displays the handled techniques in a MITRE ATT&CK - Courses of Action investigation.

Field IDPosition
remediatedtechniques Col 0-2, Height: 22

Techniques to Handle

This section dynamically displays the list of MITRE ATT&CK techniques that were not yet handled using the Courses of Action playbook.

Field IDPosition
techniquestohandle Col 0-2, Height: 22
Executed Remediation Summary 13 sections

1. Initial Access Remediation

Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network.

Field IDPosition
initialaccessremediationproducts Col 0-2, Height: 22

2. Execution Remediation

Execution consists of techniques that result in adversary-controlled code running on a local or remote system.

Field IDPosition
executionremediationproducts Col 0-2, Height: 22

6. Credential Access Remediation

Credential Access consists of techniques for stealing credentials like account names and passwords.

Field IDPosition
credentialaccessremediationproducts Col 0-2, Height: 22

5. Defense Evasion Remediation

Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise.

Field IDPosition
defenseevasionremediationproducts Col 0-2, Height: 22

9. Collection Remediation

Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary’s objectives.

Field IDPosition
collectionremediationproducts Col 0-2, Height: 22

3. Persistence Remediation

Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access.

Field IDPosition
persistenceremediationproducts Col 0-2, Height: 22

8. Lateral Movement Remediation

Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network.

Field IDPosition
lateralmovementremediationproducts Col 0-2, Height: 106

7. Discovery Remediation

Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network.

Field IDPosition
discoveryremediationproducts Col 0-2, Height: 106

4. Privilege Escalation Remediation

Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network.

Field IDPosition
privilegeescalationremediationproducts Col 0-2, Height: 22

12. Impact Remediation

Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes.

Field IDPosition
impactremediationproducts Col 0-2, Height: 22

11. Exfiltration Remediation

Exfiltration consists of techniques that adversaries may use to steal data from your network.

Field IDPosition
exfiltrationremediationproducts Col 0-2, Height: 22

10. Command and Control Remediation

Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network.

Field IDPosition
commandandcontrolremediationproducts Col 0-2, Height: 22

Tab Description

Field IDPosition
executedremediationsummarydescription Col 0-6, Height: 44
Best Practices 19 sections

Anti-Spyware Best Practices

You can attach an Anti-Spyware profile to a Security policy rule to detect connections initiated by spyware and command-and-control (C2) malware installed on systems on your network.

Field IDPosition
antispywareprofilename Col 0-2, Height: 53
antispywareprofilestatus Col 0-2, Height: 53
antispywarerules Col 0-2, Height: 53

Anti-Spyware Best Practices

Anti-Spyware related passed BPA checks results.

Field IDPosition
bpapassedchecksantispyware Col 0-4, Height: 106

Tab Description

Field IDPosition
bestpracticesdescription Col 0-6, Height: 44

WildFire Best Practices

Use a WildFire Analysis profile to specify for WildFire file analysis to be performed locally on the WildFire appliance or in the WildFire cloud. You can specify traffic to be forwarded to the public cloud or private cloud based on file type, application, or the transmission direction of the file (upload or download).

Field IDPosition
wildfireprofilename Col 0-2, Height: 22
wildfireprofilestatus Col 0-2, Height: 22
wildfirerules Col 0-2, Height: 22

WildFire Best Practices

WildFire related passed BPA checks results.

Field IDPosition
bpapassedcheckswildfire Col 0-4, Height: 106

Anti-Virus Best Practices

Use the Antivirus Profiles page to configure options to have the firewall scan for viruses on the defined traffic. Set the applications that should be inspected for viruses and the action to take when a virus is detected.

Field IDPosition
antivirusprofilename Col 0-2, Height: 53
antivirusprofilestatus Col 0-2, Height: 53
antivirusrules Col 0-2, Height: 53

Anti-Virus Best Practices

Anti-Virus related passed BPA checks results.

Field IDPosition
bpapassedchecksantivirus Col 0-4, Height: 106

File Blocking Best Practices

You can attach a File Blocking profile to a Security policy rule to block users from uploading or downloading specified file types or to generate an alert when a user attempts to upload or download specified file types.

Field IDPosition
fileblockingprofilename Col 0-2, Height: 53
fileblockingprofilestatus Col 0-2, Height: 53
fileblockingrules Col 0-2, Height: 53

File Blocking Best Practices

File Blocking related passed BPA checks results.

Field IDPosition
bpapassedchecksfileblocking Col 0-4, Height: 106

URL Filtering Best Practices

You can use URL filtering profiles to control access to web content.

Field IDPosition
urlfilteringprofilename Col 0-2, Height: 53
urlfilteringprofilestatus Col 0-2, Height: 53
urlfilteringrules Col 0-2, Height: 53

URL Filtering Best Practices

URL Filtering related passed BPA checks results.

Field IDPosition
bpapassedchecksurlfiltering Col 0-4, Height: 106

Vulnerability Protection Best Practices

A Security policy rule can include specification of a Vulnerability Protection profile that determines the level of protection against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities.

Field IDPosition
vulnerabilityprotectionprofilename Col 0-2, Height: 53
vulnerabilityprotectionprofilestatus Col 0-2, Height: 53
vulnerabilityprotectionrules Col 0-2, Height: 22

Vulnerability Protection Best Practices

Vulnerability Protection related passed BPA checks results.

Field IDPosition
bpapassedchecksvulnerabilityprotection Col 0-4, Height: 106

New Section

Anti-Spyware related failed BPA checks results.

Field IDPosition
bpafailedchecksantispyware Col 0-4, Height: 106

New Section

Anti-Virus related failed BPA checks results.

Field IDPosition
bpafailedchecksantivirus Col 0-4, Height: 106

New Section

File Blocking related failed BPA checks results.

Field IDPosition
bpafailedchecksfileblocking Col 0-4, Height: 106

New Section

URL Filtering related failed BPA checks results.

Field IDPosition
bpafailedchecksurlfiltering Col 0-4, Height: 106

New Section

Vulnerability Protection related failed BPA checks results.

Field IDPosition
bpafailedchecksvulnerabilityprotection Col 0-4, Height: 106

New Section

WildFire related failed BPA checks results.

Field IDPosition
bpafailedcheckswildfire Col 0-4, Height: 106
War Room 0 sections

No sections defined.

Work Plan 0 sections

No sections defined.

Evidence Board 0 sections

No sections defined.

Related Incidents 0 sections

No sections defined.

Canvas 0 sections

No sections defined.