In my last post about the MITRE ATT&CK Navigator I covered how you can create multiple layers and then aggregate them together, which is all well and good until you realise that if you want to see that level of detail each time you access the ATT&CK Navigator, you need to specify that JSON file. This is where this post comes in. It's quite a straightforward process to host your own Navigator and further customise it to suit your needs.
MITRE ATT&CK. It's the bread and butter for Security Operations Centres. But how are you tracking what you can detect? Does your SIEM have a built-in tool? Perhaps you have straight up copied the matrix into Excel, or are keeping score in a text file? You may or may not be aware of the online version of the MITRE Navigator. There's heaps of functionality, allowing you to apply custom colors, heat mapping to score tallies, and show all the tactic/technique IDs, as well as export functionality to Excel/SVG/JSON.