Question

Cymulate MITRE dashboard

  • 24 October 2023
  • 3 replies
  • 66 views

Userlevel 1
Badge

Hi Cymulate.

How come the Cymulate MITRE ATT&CK heatmaps/dashboard contains more techniques than the actual MITRE framework? there are some Techniques (for example Control Panel Items T1196) that i cant find on the MITRE database for Enterprise/Mobile/ICS matrixes.

Also, do Cymulate provide a data matrix of Technique coverage for each module? (including advanced) 

 

Thanks 


3 replies

Userlevel 3
Badge +3

We periodically update the matrix based on MITRE's updates. We will release an update soon for the new versionת I’ll keep you posted.

Regarding your second question, I would appreciate clarification, as I didn't fully understand the question.
Are you asking if there is a single matrix that includes both the results of the assessments from the BAS and the Advanced scenarios?

Userlevel 1
Badge

Regarding your second question, I would appreciate clarification, as I didn't fully understand the question.
Are you asking if there is a single matrix that includes both the results of the assessments from the BAS and the Advanced scenarios?

It looks like your Matrix covers both BAS & Advanced scenarios when i do tests? so that is fine.

What i meant to ask was would it be possible to add a feature where if you click on the Cymulate MITRE heatmap techniques (for example T1453) it takes you to the scenarios available that use the selected Technique number? at the moment it takes you to Findings (if a test has run) but if there was a button for Findings and another for “related scenarios”? 

this would improve workflow by not having to search for techniques in the Resources (executions) database within Advanced scenarios. And it would show users how many Techniques are covered by Cymulate across the MITRE framework 

Userlevel 3
Badge +3

Hi @Steve_Eyre 

It’s a great idea for a feature, we will add it.

 

In general we’re going to add more and more option filter scenarios by MITRE tactics and techniques, and via the matrix itself is a great suggestion 👍🏼

 

Thanks for you feedback! 

Reply