How to Update a Tactics, Techniques and Procedures Catalog

This topic provides step-by-step instructions for updating a Tactics, Techniques and Procedures (TTPs) catalog in TheHive.

TTPs describe the behaviors and methods commonly used by specific threat actors or groups.

The default and additional MITRE catalogs aren't updated automatically. Use this procedure to get the latest versions.

Required permissions

Only users with an admin-type profile that has the managePattern permission can manage TTPs in TheHive.

Procedure

1. Go to the Entities management view from the sidebar menu.

   

2. Select the Attack patterns tab.

   

3. In the Import MITRE ATT&CK patterns drawer, select Import MITRE ATT&CK patterns.

4. Select the existing catalog you want to update.

5. Drop a JSON file from the latest version of the Enterprise ATT&CK and Mobile ATT&CK MITRE matrices.

6. Select Import.

Next steps

• Add a Catalog
• Remove a Catalog
• View Techniques in a Catalog