/
MITRE_ATTACK.yaml
20 lines (19 loc) · 1.32 KB
/
MITRE_ATTACK.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Descriptor:
Name: MITRE_Attack
DisplayName: MITRE ATT&CK Reference
Description: The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Icon: https://github.com/rod-trent/Copilot-for-Security/blob/main/Plugins/Images/mitrea.png?raw=true
SkillGroups:
- Format: KQL
Skills:
- Name: MITRE_Attack
DisplayName: MITRE ATT&CK Reference
Description: The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Settings:
Target: Sentinel
TenantId: f70d46d0-7fd7-48a5-8586-e6a8199d4de5
SubscriptionId: 2959f496-711b-447e-9b85-53a1da341c4c
ResourceGroupName: rodazuresentinel
WorkspaceName: RodAzureSentinelWorkspace
Template: |-
let MITRE = externaldata (name:string,id:string,url:string,platforms:string,killchainphases:string,description:string,datasources:string,detection:string) [@"https://raw.githubusercontent.com/rod-trent/Copilot-for-Security/main/Plugins/Data/enterprise-attack.csv"] with (ignoreFirstRecord=true, format="csv"); MITRE