MITRE ATT&CK Installation
Prerequisites
The following files are required for installation:
sm-mitre: archive with module files for OpenSearch
smMitreAttack: archive with module files for OpenSearch Dashboards
Installation Process
Installation on OpenSearch servers is performed using the following command:
sudo -u opensearch /app/opensearch/bin/opensearch-plugin install file://<Path to the module archive>
Installation on OpenSearch Dashboards servers is performed using the following command:
sudo -u opensearch /app/opensearch-dashboards/bin/opensearch-dashboards-plugin install file://<Path to the module archive>
After installing the module, perform the actions listed in Plugin Management.
Data Initialization
If the installation does not have internet access, a file with the matrix (enterprise-attack.json) will be required for initialization. The file needs to be copied to the servers where the module is installed, in the directory:
/app/opensearch/config/mitre
An update always refreshes the entire matrix; it is not possible to initialize only part of the matrix. Existing matrix settings are not affected by the update.
To index the current MITRE ATT&CK matrix data from the internet, execute the following request in System Settings - Developer Console:
PUT _mitre/init/url
To index the MITRE ATT&CK matrix data from a file, execute the following request in System Settings - Developer Console:
PUT _mitre/init/file
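For an installation without internet access, the copied enterprise-attack.json can be checked for transfer damage or tampering before the file-based request is run. The following is an added example, not part of the module or its documentation. It assumes the file is the STIX bundle published by MITRE and that its SHA-256 was recorded on the connected host where it was downloaded; check_attack_bundle and SAMPLE are hypothetical names, and the sample bundle is constructed.

```python
import hashlib
import json

# Constructed sample standing in for enterprise-attack.json (not real matrix data).
SAMPLE = json.dumps({"type": "bundle", "id": "bundle--constructed", "objects": [
    {"type": "x-mitre-matrix", "id": "x-mitre-matrix--constructed", "name": "Enterprise ATT&CK"},
    {"type": "x-mitre-tactic", "id": "x-mitre-tactic--constructed", "x_mitre_shortname": "execution"},
    {"type": "attack-pattern", "id": "attack-pattern--constructed",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
]}).encode()

def check_attack_bundle(raw: bytes, expected_sha256: str) -> dict:
    """Verify a transferred matrix file before it is indexed from /app/opensearch/config/mitre."""
    digest = hashlib.sha256(raw).hexdigest()
    if digest != expected_sha256.strip().lower():
        raise ValueError(f"SHA-256 mismatch, file altered or truncated: {digest}")
    bundle = json.loads(raw)
    objects = bundle.get("objects") if isinstance(bundle, dict) else None
    if not isinstance(objects, list) or bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    counts = {"x-mitre-matrix": 0, "x-mitre-tactic": 0, "attack-pattern": 0}
    technique_ids = set()
    for obj in objects:
        kind = obj.get("type")
        if kind in counts:
            counts[kind] += 1
        if kind != "attack-pattern":
            continue
        # ATT&CK technique IDs (for example T1059) are carried in external_references.
        ids = [r.get("external_id") for r in obj.get("external_references", [])
               if r.get("source_name") == "mitre-attack"]
        if not ids:
            raise ValueError(f"{obj.get('id')}: technique without an ATT&CK ID")
        technique_ids.add(ids[0])
    missing = [k for k, n in counts.items() if n == 0]
    if missing:
        raise ValueError(f"bundle has no objects of type: {missing}")
    return {"sha256": digest, "techniques": len(technique_ids), "tactics": counts["x-mitre-tactic"]}

if __name__ == "__main__":
    good = hashlib.sha256(SAMPLE).hexdigest()  # in practice: the hash recorded at download time
    print(check_attack_bundle(SAMPLE, good))
    try:
        check_attack_bundle(SAMPLE[:-20], good)  # simulates a truncated copy
    except ValueError as err:
        print("rejected:", err)
```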
Adding a Section to the Main Menu
To add the module component to the menu, go to the Main Menu - Settings - Module Settings - Menu Settings - JSON Structure section. Add the JSON dictionary below to the data list.
Menu MITRE ATT&CK
{
  "itemType": "module",
  "name": "mitre-attack",
  "show": false,
  "id": "85160308-30dc-4989-aa01-eb7d2425c8fe",
  "title": "MITRE ATT&CK®",
  "sections": [
    {
      "itemType": "page",
      "name": "matrix/priority",
      "show": false,
      "id": "29ef255e-1055-4cb7-94a8-c2ccdc84834d",
      "title": "Priority Matrix",
      "enabled": true
    },
    {
      "itemType": "page",
      "name": "matrix/detection",
      "show": false,
      "id": "aad0e6d1-e46b-4c41-a8f6-163a225a3e1a",
      "title": "Detection Matrix",
      "enabled": true
    },
    {
      "itemType": "page",
      "name": "matrix/coverage",
      "show": false,
      "id": "f0c40f5d-aeb9-4c92-90fb-c337a7f21840",
      "title": "Coverage Matrix",
      "enabled": true
    },
    {
      "itemType": "page",
      "name": "layers",
      "show": false,
      "id": "827eebe1-5c65-43cf-87fd-051cd533ae8c",
      "title": "Layer Editor",
      "enabled": true
    },
    {
      "itemType": "group",
      "group-sections": [
        {
          "itemType": "dashboard",
          "dashboard-type": "single",
          "name": "mitre_techniques_detections",
          "show": false,
          "id": "685bd5f0-1397-41bf-aca5-bb2b33ac9019",
          "title": "All Detections",
          "enabled": true
        },
        {
          "itemType": "dashboard",
          "dashboard-type": "single",
          "name": "mitre_techniques_detections_details",
          "show": false,
          "id": "fc02658e-7ed5-4b9a-a75c-e839a51a0c82",
          "title": "Detections Details",
          "enabled": true
        }
      ],
      "name": "mitre_detections",
      "show": false,
      "id": "a3d84cb1-c1c5-40f7-a235-065b4454862e",
      "title": "Detections",
      "previewShow": false,
      "enabled": true
    },
    {
      "itemType": "group",
      "group-sections": [
        {
          "itemType": "dashboard",
          "dashboard-type": "single",
          "name": "mitre_risk_scoring_summary",
          "show": false,
          "id": "08671c7c-6044-42b0-935e-dd2e7b88f938",
          "title": "Risk-scoring Summary",
          "enabled": true
        },
        {
          "itemType": "dashboard",
          "dashboard-type": "single",
          "name": "mitre_risk_object_analysis",
          "show": false,
          "id": "7d12ebf7-03a0-4977-a56d-2195312edb22",
          "title": "Object Analysis",
          "enabled": true
        }
      ],
      "name": "risk",
      "show": false,
      "id": "a335ebb4-fccb-46b9-85a1-c487d708878b",
      "title": "Risk-Scoring",
      "previewShow": false,
      "enabled": true
    }
  ],
  "enabled": true
}