Add Tactics, Techniques and Procedures#
Add tactics, techniques and procedures (TTPs) to a case in TheHive.
TTPs describe the behaviors and methods commonly used by specific threat actors or groups.
Procedure
-
Find the case where you want to add TTPs.
-
In the alert or case, select the TTPs tab.
-
Select .
-
In the Add TTP drawer, enter the following information:
-Catalog *
The MITRE catalog to use. By default, the Enterprise Attack catalog is installed with TheHive and includes all standard techniques. Additional catalogs can be added.
-Occur date *
The date when the attack occurred.
-Technique *
The technique used in the attack—describing how the attacker achieved their objective.
-Procedure
Turn on the toggle to add a detailed description of how the technique was carried out—the specific procedure used.
-
Select Confirm.