Add Tactics, Techniques and Procedures

manageProcedure

Add tactics, techniques and procedures (TTPs) to a case in TheHive.

TTPs describe the behaviors and methods commonly used by specific threat actors or groups.

Procedure

1. Find the case where you want to add TTPs.

2. In the alert or case, select the TTPs tab.

   

3. Select .

4. In the Add TTP drawer, enter the following information:

   -Catalog *

   The MITRE catalog to use. By default, the Enterprise Attack catalog is installed with TheHive and includes all standard techniques. Additional catalogs can be added.

   -Occur date *

   The date when the attack occurred.

   -Technique *

   The technique used in the attack—describing how the attacker achieved their objective.

   -Procedure

   Turn on the toggle to add a detailed description of how the technique was carried out—the specific procedure used.

5. Select Confirm.

Next steps

• Export TTPs
• Remove TTPs