ATT&CK drilldown tab

Jump to bottom

Edoardo Gerosa edited this page May 31, 2020 · 1 revision

The ATT&CK drilldown tab provides insights into all ATT&CK triggers registered within the specified timespan. More importantly the tab allows to drill down into Sysmon logs by filtering by ATT&CK tactics, techniques, technique ID and excluded hosts.

alt text

The ATT&CK drilldown tab displays the following tables:

Drilldown tables displaying Sysmon logs within the specified timespan and filters:
- Process create activity
- Process access activity
- File create activity
- Image loaded activity
- Network connection activity
- Registry access activity
- Pipe create and connect activity
- DNS request activity

A higher definition picture of the ATT&CK drilldown tab can be found here.