--- title: "Imported ATT&CK Views | ThreatConnect" slug: "imported-attack-views" description: "This article describes how to import ATT&CK views into the ThreatConnect ATT&CK Visualizer. It also describes the overlays available for imported ATT&CK views." tags: ["Connecting Data", "Viewing Data"] updated: 2025-10-02T20:20:17Z published: 2025-10-02T20:20:17Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # Imported ATT&CK Views ## Overview You can use the ATT&CK® Visualizer to import ATT&CK views built in the [MITRE ATT&CK® Navigator](https://mitre-attack.github.io/attack-navigator/) into ThreatConnect®. By using ThreatConnect as a repository for all your ATT&CK views, your security teams can collaborate more effectively when evaluating and optimizing your organization’s cybersecurity strategy. After you import an ATT&CK view, you can save it so that you and other users in your Organization can [open it from the **ATT&CK**screen](https://knowledge.threatconnect.com/docs/viewing-and-managing-saved-attack-views), or you can export it as a PNG or JSON file. The ATT&CK Visualizer includes three view overlays for imported ATT&CK views: **Threat Group Comparison**, **Technique Prevalence**, and **Security Coverage**. Together, these overlays empower you to make more informed decisions regarding your organization’s security strategies, ensuring effective defense prioritization and keeping you ahead of evolving threats. NoteImported ATT&CK views cannot be modified. The only part of an imported ATT&CK view that is editable is its name after it has been saved. ## Before You Start ### User Roles - To import ATT&CK views, your user account must have an [Organization role](https://knowledge.threatconnect.com/docs/organization-roles) of Standard User, Sharing User, Organization Administrator, or App Developer. - To save imported ATT&CK views, your user account must have an Organization role of Standard User, Sharing User, Organization Administrator, or App Developer. - To open saved imported ATT&CK views, your user account can have any Organization role. - To edit and delete saved imported ATT&CK views, your user account must have an Organization role of Standard User, Sharing User, Organization Administrator, or App Developer. - To export saved imported ATT&CK views, your user account can have any Organization role. - To export unsaved imported ATT&CK views, your user account must have an Organization role of Standard User, Sharing User, Organization Administrator, or App Developer. ### Prerequisites - To use the **Security Coverage**overlay, [assign security coverage for your Organization in the ATT&CK Visualizer](https://knowledge.threatconnect.com/docs/attack-security-coverage) (must be an Organization Administrator to perform this action). ## Importing ATT&CK Views Follow these steps to import an ATT&CK view built in the [MITRE ATT&CK Navigator](https://mitre-attack.github.io/attack-navigator/) into the ThreatConnect ATT&CK Visualizer: 1. Export an ATT&CK view built in the MITRE ATT&CK Navigator as a JSON file.ImportantOnly single-layer ATT&CK views built in the MITRE ATT&CK Navigator may be imported into the ThreatConnect ATT&CK Visualizer. When exporting an ATT&CK view from the MITRE ATT&CK Navigator, select the **download single layer as json**export option. 2. In ThreatConnect, select **ATT&CK**from the **Tools**dropdown on the top navigation bar. 3. Click the **+ Create ATT&CK View**button at the upper right of the **ATT&CK**screen and select **Imported View…**. 4. Locate and select the JSON file downloaded from the MITRE ATT&CK Navigator. After the ATT&CK view is imported, the ATT&CK Visualizer will open and display the ATT&CK view. ## ATT&CK Visualizer Overlays for Imported Views The ATT&CK Visualizer includes the following overlays for imported ATT&CK views: - [Imported Color Assignments](/docs/imported-attack-views#imported-color-assignments) (default) - [Imported Score Prevalence](/docs/imported-attack-views#imported-score-prevalence) - [Security Coverage](/docs/imported-attack-views#security-coverage) You can change overlays in the ATT&CK Visualizer using the dropdown at the upper left of the ATT&CK Visualizer, next to the search bar. ### Imported Color Assignments The **Imported Color Assignments**overlay displays the colors and scores assigned to techniques and sub-techniques that were annotated in the MITRE ATT&CK Navigator (Figure 1). ![Figure%201_Imported%20ATT&CK%20Views_7.4.0](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%201_Imported%20ATT&CK%20Views_7.10.0.png) When using the **Imported Color Assignments**overlay, the ATT&CK Visualizer displays tactics, techniques, and sub-techniques in the following ways: - Each tactic displays the number of its techniques that are annotated out of the total number of its techniques. - Annotated techniques and sub-techniques are outlined in the same color that was used when they were annotated in the MITRE ATT&CK Navigator. If a score has been assigned to a technique or sub-technique, it also displays the assigned score out of the maximum score possible. - Each annotated technique displays the number of its sub-techniques that are annotated out of the total number of its sub-techniques. If a technique has sub-techniques, but only the technique is annotated, the technique will display **0 of *<#>***, where ***<#>***is the total number of the technique’s sub-techniques. ### Imported Score Prevalence The **Imported Score Prevalence**overlay displays a color-coded heat map that shows the score range corresponding to techniques and sub-techniques that were assigned scores in the MITRE ATT&CK Navigator (Figure 2). ![Figure 4_ATT&CK Views_7.3.0](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%202_Imported%20ATT&CK%20Views_7.10.0.png) When using the **Imported Score Prevalence**overlay, the ATT&CK Visualizer displays tactics, techniques, and sub-techniques in the following ways: - Each tactic displays the number of its techniques that are annotated out of the total number of its techniques. - Annotated techniques and sub-techniques with scores are outlined in a color representing the score range (**Highest**, **High**, **Moderate**, and **Lowest**) in which their score falls. They also display a label with the corresponding score range and their assigned score out of the maximum score possible [e.g., ◼**Highest (75 of 100)**].NoteThe values associated with each score range used in the **Imported Score Prevalence**overlay are based on how scoring was configured when the ATT&CK view was built in the MITRE ATT&CK Navigator. - Annotated techniques and sub-techniques without scores are outlined in the same color that was used when they were annotated in the MITRE ATT&CK Navigator. - Each annotated technique displays the number of its sub-techniques that are annotated out of the total number of its sub-techniques. If a technique has sub-techniques, but only the technique is annotated, the technique will display **0 of *<#>***, where ***<#>***is the total number of the technique’s sub-techniques. ### Security Coverage The **Security Coverage**overlay displays your Organization’s security coverage for techniques and sub-techniques that were annotated in the MITRE ATT&CK Navigator. For more information, see *[ATT&CK Security Coverage](https://knowledge.threatconnect.com/docs/attack-security-coverage)*. ## Viewing Technique and Sub-technique Details Click a technique or sub-technique to open its [**Selection Details**drawer](https://knowledge.threatconnect.com/docs/visualizing-attack-tactics-techniques-and-sub-techniques) and view more details about the selected item and any Groups with a corresponding [ATT&CK Tag](https://knowledge.threatconnect.com/docs/attack-tags) applied to them. NoteYou can continue selecting techniques and sub-techniques while the **Selection Details**drawer is open. The drawer will update dynamically to reflect the current selections on the screen. ## Saving Imported ATT&CK Views Saving an imported ATT&CK view allows you and other users in your Organization to [open it from the **ATT&CK**screen](https://knowledge.threatconnect.com/docs/viewing-and-managing-saved-attack-views). To save a new (i.e., unsaved) imported ATT&CK view, click **Save View**at the upper right of the ATT&CK Visualizer. ## Imported ATT&CK View Options Use the **⋯**menu at the upper right of the ATT&CK Visualizer to do the following while an imported ATT&CK view is open in the ATT&CK Visualizer: - Switch to a different ATT&CK view (either a saved standard ATT&CK view or a saved imported ATT&CK view). - Import a new JSON file downloaded from the MITRE ATT&CK Navigator.WarningPerforming this operation will overwrite the contents of the imported ATT&CK view that is currently open in the ATT&CK Visualizer. - Export the imported ATT&CK view as a JSON or PNG file.NoteUsing the ATT&CK Visualizer’s **Export as PNG…** feature in Firefox® is not recommended at this time. - (Saved imported ATT&CK views only) Delete the imported ATT&CK view. --- *ThreatConnect® is a registered trademark of ThreatConnect, Inc.* *MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.* *Firefox® is a registered trademark of The Mozilla Foundation.* 20151-08 v.02.A