AlienVault® USM Anywhere™

ATT&CK Mapping in Alarms

Role Availability: Read-Only, Analyst, Manager

USM Anywhere adds and links a specific MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) identification (ID) to an alarm.

To search for alarms with the Rule Attack ID field

  1. Go to Activity > Alarms.
  2. Click Configure Filters.
  3. Search for rule attack id in the available filters.

  4. Click the icon to select the filter.
  5. Click Apply.
  6. In the left pane, scroll to find the section for the Rule Attack ID filter and click one of the items.

  7. Click an alarm and look for the Rule Attack ID field.

    The Rule Attack ID field displays a link to that ID in the ATT&CK framework.