[Rule Tuning] Update rules with ATT&CK tactic and technique metadata #272
Assignees
Labels
Rule: Tuning
tweaking or tuning an existing rule
Comments
|
You're right. I missed that. Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Currently, we cannot include an ATT&CK tactic in a rule without a technique. Some of our rules have no ATT&CK tactic/technique metadata in them. E.g. Some Okta rules that were part of the 7.9 release.
Once elastic/kibana#69166 is resolved, we should update our existing rules to include the relevant ATT&CK tactic metadata (and the technique metadata if there is an appropriate technique to map the rule to at that time).
We've submitted some information on new techniques to ATT&CK to help close some gaps, but they're still reviewing that information.
The text was updated successfully, but these errors were encountered: