About Tactics, Techniques and Procedures
Tactics, techniques and procedures (TTPs) describe the behaviors and methods commonly used by specific threat actors or groups.
Definitions
Tactics describe the goals of threat actors—what they're trying to achieve.
Techniques show how they achieve those goals.
Procedures detail how they implement the techniques in practice.
MITRE ATT&CK framework
By default, TheHive includes the MITRE Enterprise Matrix. It's installed during setup, and a catalog named Enterprise Attack is created with all the techniques.
You can update this catalog or supplement it by adding other catalogs.
Actions
Add or remove TTPs from cases. You can also export TTPs from both cases and alerts.
Permissions
Only users with an admin-type profile that has the managePattern permission can manage TTPs in TheHive.
Only users with the manageProcedure permission can add and remove TTPs in cases and alerts in TheHive.