AlienVault® USM Anywhere™

ATT&CK Mapping in Events

Role Availability: Read-Only, Analyst, Manager

USM Anywhere adds and links a specific MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) identification (ID) to an event.

To search for events with the Event Attack ID field:

  1. Go to Activity > Events.
  2. Click Configure Filters.
  3. Search for "event attack id" in the available filters.

  4. Click the icon to select the filter.
  5. Click Apply.
  6. In the left pane, scroll to find the section for the Event Attack ID filter and click one of the items.

  7. Click an event and look for the Event Attack ID field.

    The specific Event Attack ID field displays the link to the ID in the ATT&CK framework.