[Feature Request] Incorporate MITRE map or json export for selected TTP's in a case

[aacgood]

Request Type

Feature Request

Feature Description

Within a case, for whatever TTP's are added to an incident, include a heatmap output for the MITRE attack framework so that you can see at a glance what areas of the framework are touched within an incident.

Alternativley, output a json file so that it can be manually added via the Attack Navigator

Feature could possibly be added into a dashboard so that any TTP's seen over all cases in a selected timeframe could be overlayed in a heatmap giving a SOC Manager visibility / reportability into what areas they are being targetted the most. Creating a heatmap in the Attack Navigator is possible to construct via json.

Complementary information

[vdebergue]

Hello, thank you for the feedback.

Integrating the navigator in TheHive UI seems a bit too complex at the moment but creating a json layer file seems doable.
We could first include it for a single case and then add the ability to generate the layer from multiple cases to get the heatmap.

For reference, Mitre uses some ptyhon scripts to generate the json layers: https://github.com/mitre-attack/attack-scripts/tree/master/scripts/layers/samples

I will add this feature on the roadmap, it may be available in 5.2 (5.1 is almost ready so a bit late to include this feature there)