MITRE integration

[juankaromo]

Hi team,

We need to implement a new integration with MITRE adding a new dashboard for those alerts. On the other hand, we need to show all the MITRE ids in a table and show their details.

Core issue wazuh/wazuh#3709

Tasks:

• Add new "MITRE" extension (disabled by default)
  • Allow the user to enable/disable the extension clicking on the eye icon
  • Clicking on the new extension should open the new MITRE tab

The MITRE tab will be divided in 2 sections:

• MITRE table
  • Add a table with all the different Mitre tactics
  • The API can only send 10 tactics per request, allow pagination in the table.
  • Clicking on a specific tactic should show extra information about that tactic. (The idea is to show a flyout with the tactic information)
• MITRE dashboard

[pablotr9]

Hi team,

The new MITRE extension has been added to the THREAT DETECTION AND RESPONSE section.
This new extension is disabled by default.
We can now enable/disable the new MITRE extension clicking on the eye icon:

The MITRE table has been added.
Pagination has also been added to the table:

[pablotr9]

Hi team,

As we discussed, instead of a table we have created a card slider (we are still working on it) that shows MITRE attacks ordered by the number of alerts in Elasticsearch of each of the attacks in the specified date range and with the applied filters

[pablotr9]

Update
Current status of the MITRE overview tab:

• Mitre card slider example:
  

• MITRE Overview dashboard:
  

• MITRE Agents dashboard:

• Platforms and Data sources field are not being shown correctly
  

• Click on the attack name should filter by that attack. (in progress)
  

[pablotr9]

UPDATE
Some bugs we have found while testing this new MITRE tab:

• When there are no results and then we change the time picker, the card slider gets bugged with incorrect results:
  

*Edit:
After some debugging, we finally found the error and it has been already fixed:

[jsanchez91]

Mockup v0.2.0

This is another prototype of Mitre's dashboard:

Tool for show and filter the Tactics and Techniques alerts

The tool shows the Tactics with alerts and its count:

It is possible to display all Tactics using the control in the upper left corner "show tactics without alerts".

The control under Tactics shows the Techniques and their count.

In the same way, the control in the upper left corner shows the 'Techniques' without alerts.

All Tactics and Techniques have a context menu with controls to apply filters and display their related information.

[juankaromo]

Here is the result of this first deliverable iteration

Regards,