Add Tactics, Techniques and Procedures#
Add tactics, techniques and procedures (TTPs) to a case in TheHive.
TTPs describe the behaviors and methods commonly used by specific threat actors or groups.
Procedure
- 
Find the case where you want to add TTPs. 
- 
In the alert or case, select the TTPs tab. 
- 
Select . 
- 
In the Add TTP drawer, enter the following information: -Catalog * The MITRE catalog to use. By default, the Enterprise Attack catalog is installed with TheHive and includes all standard techniques. Additional catalogs can be added. -Occur date * The date when the attack occurred. -Technique * The technique used in the attack—describing how the attacker achieved their objective. -Procedure Turn on the toggle to add a detailed description of how the technique was carried out—the specific procedure used. 
- 
Select Confirm. 
