Minor changes and enhancements
- Two enhancements have been implemented for the MITRE ATT&CK® Threat Coverage Explorer:
- The current tactic, technique and sub-technique metrics for the (default) Theoretical and Historical views are now written to the
sumologic_system_eventsaudit logs daily. This data can be used in dashboards to track coverage and events over time. - It is now possible, using the
/mitre-attack/jsonendpoint, to extract the MITRE Explorer-formatted JSON via API. (This works the same as the Export button in the UI.)
- The current tactic, technique and sub-technique metrics for the (default) Theoretical and Historical views are now written to the
- On the Insight details page, on the Entities tab, the default view is now the Graph view instead of the List view.
- Threat reputation icons/labels are now visible in a number of additional places throughout the UI. These can be set via enrichment.
Bug fixes
- In some cases, events that are supposed to occur automatically after an Insight is opened were not executing, or were severely delayed.
- If an Insight comment included a long URL, text wrapping was not behaving correctly and some text was being clipped from view. Also, newline characters were not always being honored properly in comments.