MITRE APTs report

The MITRE Advanced Persistent Threat Groups (MITRE APTs) web report obtains data published through the MITRE ATT&CK® Framework, analyses it, compares it with the patch levels of the devices in your BigFix environment, and visualizes the analysis as a bar chart to help you make informed decisions to mitigate security threats.

The MITRE ATT&CK® Framework is a documented collection of information about the malicious behaviors that APT groups have used at various stages in real-world cyber attacks. For more information, refer to the official website at https://attack.mitre.org/.

The MITRE APTs report analyses the data within MITRE ATT&CK and correlates the tactics, techniques, and procedures leveraged by APT groups to the BigFix Patch content based on the CVEs.

To view the MITRE APTs report, click the MITRE APTs tab in the BigFix CyberFOCUS Analytics web report.

  • The stacked bars on the chart indicate the different CVEs that have been associated with a given APT group.

  • The colour of a bar indicates a unique CVE. The same colour on different bars indicates that the same CVE can be leveraged by different APT groups.

  • The X-axis indicates the APT group.

  • The Y-axis indicates the number of exposures.

  • Total Exposure Count indicates the total exposures across all APT groups.

  • The MITRE suggestion feature suggests 2 CVEs that will be most useful to remediate first. Click the 2 icon next to Total Exposure Count to see the suggestions.

Hover over a given bar to see the CVE associated with the APT group. A tooltip appears below the chart with information about the group name and the CVE number. The CVE number denotes the number of exposures associated with this CVE. To find out more about the MITRE group, click the Mitre Group Details hyperlink.

Click the number of exposures in the CVE Table to check the Fixlet details that comprise the exposure.

CVE Table

The CVE Table provides information about the CVEs and the applicable environment details for the associated APT group.

  • CVE – CVE number

  • Number of exposures. Click the number of exposures in the CVE Table to check the Fixlet details that comprise the exposure.

  • Number of unique machines

  • Number of Fixlets Associated

  • Number of Fixlets Relevant

Legend strikethrough

The top of the graph shows the legend of the individual CVEs. Click a CVE to see how the threat group would look if that CVE were entirely mitigated.

The example below shows how the graph changes when you click CVE-2020-1472.
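
The following Python sketch reproduces the strikethrough view on constructed data. It is an added example, not BigFix code or output. The group names, the CVE-0000-* identifiers, and the exposure counts are placeholders, and summing bar heights for Total Exposure Count is an assumption about how the total is derived.

```python
# Constructed sample data, not taken from BigFix or MITRE ATT&CK.
# "Group A/B/C" and the CVE-0000-* identifiers are placeholders.
GROUP_CVES = {
    "Group A": ["CVE-2020-1472", "CVE-0000-0001"],
    "Group B": ["CVE-2020-1472", "CVE-0000-0002"],
    "Group C": ["CVE-0000-0001"],
}
# Exposures per CVE in the environment (constructed numbers).
EXPOSURES = {"CVE-2020-1472": 40, "CVE-0000-0001": 12, "CVE-0000-0002": 5}


def stacked_bars(group_cves, exposures, struck=frozenset()):
    """Build one stacked bar per APT group: {group: {cve: exposure_count}}.

    CVEs in `struck` are treated as entirely mitigated, which is what
    clicking a CVE in the legend simulates.
    """
    return {
        group: {cve: exposures[cve] for cve in cves
                if cve not in struck and exposures.get(cve, 0) > 0}
        for group, cves in group_cves.items()
    }


def bar_heights(bars):
    """Y-axis value of each bar: exposures summed over its CVE segments."""
    return {group: sum(segments.values()) for group, segments in bars.items()}


def total_exposure_count(bars):
    """Assumption: the total is the sum of all bar heights, so a CVE shared
    by two groups is counted once per group."""
    return sum(bar_heights(bars).values())


def shared_cves(bars):
    """CVEs that appear in more than one bar (same colour on several bars)."""
    seen = {}
    for group, segments in bars.items():
        for cve in segments:
            seen.setdefault(cve, []).append(group)
    return {cve: groups for cve, groups in seen.items() if len(groups) > 1}


if __name__ == "__main__":
    before = stacked_bars(GROUP_CVES, EXPOSURES)
    after = stacked_bars(GROUP_CVES, EXPOSURES, struck={"CVE-2020-1472"})
    print("before:", bar_heights(before), total_exposure_count(before))
    print("after: ", bar_heights(after), total_exposure_count(after))
    print("shared:", shared_cves(before))
```

With this sample data, striking CVE-2020-1472 shrinks the bars of both groups that share it, which is why a CVE leveraged by several groups can be a high-value remediation target.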
