Adding MITRE enrichment rules to the correlator

To add MITRE enrichment rules from SOC_package:

1. In the Resources and services → Correlators section in KUMA, click Add to create a correlator or select an existing correlator from the list to enter the settings editing mode.
2. In the Correlator Installation Wizard, on the Enrichment step, click Add enrichment.
3. This opens the Enrichment window; in that window, in the Enrichment rule drop-down list, select the MITRE Technique and MITRE Tactics rules.

   The MITRE Technique and MITRE Tactics enrichment rules are pre-configured, you do not need to specify any additional settings.

4. Save the correlator settings.
5. If you have created a correlator, you must install the correlator service on the host. If you edited the settings of an active correlator, you mustrestart the correlator service.

MITRE Technique and MITRE Tactics enrichment rules are added.

Page top