Accessing the ATT&CK Visualizer
  • 25 Nov 2024
  • 3 Minutes to read

Overview

In ThreatConnect®, you can use the ATT&CK® Visualizer to create standard ATT&CK views and see all tactics, techniques, and sub-techniques in the MITRE ATT&CK® Enterprise Matrix, as well as those used by one or more Group objects. You can also use the ATT&CK Visualizer to import ATT&CK views created in the MITRE ATT&CK Navigator.

The quickest way to access the ATT&CK Visualizer is via the ATT&CK screen in ThreatConnect; however, you may also access it by selecting Visualize ATT&CK in the Visual Analysis menu on a Group’s Details drawer, a Group’s Details screen, and a Group search result’s ⋯ menu on the Search screen.

Note
Organization Administrators can also use the ATT&CK Visualizer to assign security coverage to techniques and sub-techniques for their Organization. For more information on accessing the Assign Coverage view in the ATT&CK Visualizer and assigning security coverage, see ATT&CK Security Coverage.

Before You Start

User Roles

ATT&CK Screen

If your user account has an Organization role of Standard User, Sharing User, Organization Administrator, or App Developer, follow these steps to access the ATT&CK Visualizer from the ATT&CK screen:

  1. Click ATT&CK on the top navigation bar in ThreatConnect.
  2. Click + Create ATT&CK View at the top right of the ATT&CK screen and select one of the following options:

If your user account has an Organization role of Read Only User or Read Only Commenter, follow these steps to access the ATT&CK Visualizer from the ATT&CK screen:

  1. Click ATT&CK on the top navigation bar in ThreatConnect.
  2. Click Explore ATT&CK View at the top right of the ATT&CK screen to create a standard ATT&CK view and open it in the ATT&CK Visualizer.

Details Drawer

Follow these steps to open the ATT&CK Visualizer from a Group’s Details drawer:

  1. Open the Details drawer for a Group.
  2. Click Visual Analysis in the header of the Group’s Details drawer and select Visualize ATT&CK. The ATT&CK Visualizer will open and display a new standard ATT&CK view with the Group added as an analysis layer (Figure 1). Depending on the size of your screen and the number of tactics, techniques, and sub-techniques used by the Group (i.e., the number of ATT&CK Tags applied to the Group), you may need to scroll horizontally and vertically to view all contents on the screen.
    [Figure: Accessing the ATT&CK Visualizer]

Details Screen

Follow these steps to open the ATT&CK Visualizer from a Group’s Details screen:

  1. Open the Details screen for a Group.
  2. Click Visual Analysis in the header of the Group’s Details screen and select Visualize ATT&CK. The ATT&CK Visualizer will open and display a new standard ATT&CK view with the Group added as an analysis layer (Figure 1). Depending on the size of your screen and the number of tactics, techniques, and sub-techniques used by the Group (i.e., the number of ATT&CK Tags applied to the Group), you may need to scroll horizontally and vertically to view all contents on the screen.
    Important
    You cannot access the ATT&CK Visualizer from a Group’s legacy Details screen. To access the ATT&CK Visualizer with an Email, Signature, or Task Group added as an analysis layer to a new ATT&CK view, access the ATT&CK Visualizer from the Group’s Details drawer or the Search screen, or create a new standard ATT&CK view and then add the Group as an analysis layer.

Search Screen

Follow these steps to open the ATT&CK Visualizer from the Search screen for a search result that is a Group:

  1. Run a search of your ThreatConnect data on the Search screen.
  2. While viewing search results on the Search screen, click the ⋯ menu for a search result that is a Group.
  3. Select Visual Analysis in the Group search result’s ⋯ menu, followed by Visualize ATT&CK. The ATT&CK Visualizer will open and display a new standard ATT&CK view with the Group added as an analysis layer (Figure 1). Depending on the size of your screen and the number of tactics, techniques, and sub-techniques used by the Group (i.e., the number of ATT&CK Tags applied to the Group), you may need to scroll horizontally and vertically to view all contents on the screen.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.

20151-03 v.04.A

