About Tactics, Techniques and Procedures

Tactics, techniques and procedures (TTPs) describe the behaviors and methods commonly used by specific threat actors or groups.

Definitions

Tactics describe the goals of threat actors—what they're trying to achieve.

Techniques show how they achieve those goals.

Procedures detail how they implement the techniques in practice.

MITRE ATT&CK framework

By default, TheHive includes the MITRE Enterprise Matrix. It's installed during setup, and a catalog named Enterprise Attack is created with all the techniques.

This catalog can be updated or supplemented by adding others.

Actions

Add or remove TTPs from cases. You can also export TTPs from both cases and alerts.

Permissions

Only users with an admin-type profile that has the managePattern permission can manage TTPs in TheHive.

Only users with the manageProcedure permission can add and remove TTPs in cases and alerts in TheHive.

Next steps

• Add a Catalog
• Update a Catalog
• Remove a Catalog
• View Techniques in a Catalog
• Add TTPs
• Remove TTPs
• Export TTPs