Contents x
Deploying the MITRE ATT&CK Source Feed
  • 01 Sep 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Contents

Deploying the MITRE ATT&CK Source Feed

  • Updated on 01 Sep 2022
  • 1 Minute to read
  • Print
  • Dark
    Light
Article summary

System Administrators can follow these steps to deploy the MITRE ATT&CK™ Source Feed after installing the MITRE ATT&CK 2.0.x App:

  1. After the MITRE ATT&CK App is installed, the Source tab of the Feed Deployer window will be displayed automatically (Figure 1).
    Note
    You can also access this window from the Installed tab of the TC Exchange™ Settings screen by locating the MITRE ATT&CK 2.0.x App, clicking the vertical ellipsis in the Options column, and selecting Deploy.

    Graphical user interface, application, Teams Description automatically generated

     

    • Sources to Create: Select the MITRE ATT&CK checkbox in the dropdown menu.
    • Owner: Select the Organization into which the MITRE ATT&CK Source will be deployed.
    • Activate Deprecation: Leave this checkbox selected.
    • Create Attributes: Leave this checkbox selected.
    • Click the Next button.
  2. The Parameters tab of the Feed Deployer window will be displayed (Figure 2).

    Graphical user interface Description automatically generated

     

    • The Parameters tab is intentionally blank.
    • Click the Next button.
  3. The Variables tab of the Feed Deployer window will be displayed (Figure 3).

    Graphical user interface, application, website Description automatically generated

     

    • The feed does not require any configuration of variables.
    • Click the Next button.
  4. The Confirm tab of the Feed Deployer window will be displayed (Figure 4).

    Graphical user interface, application Description automatically generated

     

    • Run Jobs after deployment: Leave this checkbox selected.
    • Activate Jobs after deployment: Leave this checkbox selected.
    • Click the DEPLOY button.
      Important
      If an existing MITRE ATT&CK Source feed is deployed in your Organization, a Confirm Deployment Over Existing Source checkbox will be displayed above the Back button. Select this checkbox to disable the existing Job associated with the MITRE ATT&CK Source feed and deploy the MITRE ATT&CK Source feed for the MITRE ATT&CK 2.0.x App.
Warning
If deploying over an existing MITRE ATT&CK Source, all Groups in that Source will be deleted when the MITRE ATT&CK Source feed for the MITRE ATT&CK 2.0.App is deployed. To prevent Groups that are not included in the MITRE ATT&CK Source feed from being deleted during subsequent Job runs, set the Advanced Settings parameter to delete_enabled=false for the corresponding Job, as detailed in MITRE ATT&CK Manual Job Configuration (Advanced Users Only).

The Feed Deployer window will close, and a message will be displayed along the top of the TC Exchange Settings screen confirming that the Source was deployed in the selected owner.

ThreatConnect® is a registered trademark, and TC Exchange™ is a trademark, of ThreatConnect, Inc.
MITRE ATT&CK™ is a trademark of The MITRE Corporation.

20119-04 v.03.A

Was this article helpful?
What's Next
Company
Sales and Support
Follow Us
© 2012–2023 ThreatConnect, Inc. All Rights Reserved.