Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.10.0
    2024.10.0
    2024.9.0
    2024.7.0

    Viewing the MITRE ATT&CK Matrix

    Viewing the MITRE ATT&CK Matrix

    To view the MITRE ATT&CK Matrix:
    1. Click the Dashboard tab.
    2. In the toolbar at the top left-side of the page, click Default Dashboard > MITRE ATT&CK Dashboard. Optionally, you can click Go to MITRE Coverage Dashboard in the MITRE ATT&CK widget in the Default Dashboard.
    3. Click the Attack Behaviors drop-down at the top-right of the dashboard to filter the dashboard by behaviors:

      • All
      • Ransomware
      • Insider Threat
      • Cyber Espionage
    4. Click a technique in the table. A pop-up window displays a summary of the technique.

      TacticThe tactic of the behavior.
      CoverageThe coverage status of the technique and the sub-techniques.
      NameThe behavior name.
      ID

      ID number of the technique and the sub-techniques.

      For techniques and sub-techniques with active detections (indicated by a blue shield icon), the ID number is a hyperlink that directs you to the Detections page.

      Note

      The primary technique box displays a blue shield icon if there are active detections related to this technique or its sub-technique, and if you have the required permission to view the detections in the Detection page.

      Techniques with an empty shield icon indicate that the detections are resolved. You can still view the detections in the Detections page.

      Techniques without any past or present detections are displayed as text. However, it may also indicate that you do not have permission to view the detections related to the technique.

      Mitre Attack Popup

    5. To view the sub-technique, on the plus (+) symbol in the bottom-right corner of a Primary Technique box.

      The box expands to show the sub-techniques.

    To download the coverage details:
    • Click the Download Coverage Details button to download the coverage details as a CSV file which contains the Date Updated, Name, Primary Attack ID, Secondary Attack ID and Description.
    Previous
    Next

    Viewing the MITRE ATT&CK Matrix

    Viewing the MITRE ATT&CK Matrix

    To view the MITRE ATT&CK Matrix:
    1. Click the Dashboard tab.
    2. In the toolbar at the top left-side of the page, click Default Dashboard > MITRE ATT&CK Dashboard. Optionally, you can click Go to MITRE Coverage Dashboard in the MITRE ATT&CK widget in the Default Dashboard.
    3. Click the Attack Behaviors drop-down at the top-right of the dashboard to filter the dashboard by behaviors:

      • All
      • Ransomware
      • Insider Threat
      • Cyber Espionage
    4. Click a technique in the table. A pop-up window displays a summary of the technique.

      TacticThe tactic of the behavior.
      CoverageThe coverage status of the technique and the sub-techniques.
      NameThe behavior name.
      ID

      ID number of the technique and the sub-techniques.

      For techniques and sub-techniques with active detections (indicated by a blue shield icon), the ID number is a hyperlink that directs you to the Detections page.

      Note

      The primary technique box displays a blue shield icon if there are active detections related to this technique or its sub-technique, and if you have the required permission to view the detections in the Detection page.

      Techniques with an empty shield icon indicate that the detections are resolved. You can still view the detections in the Detections page.

      Techniques without any past or present detections are displayed as text. However, it may also indicate that you do not have permission to view the detections related to the technique.

      Mitre Attack Popup

    5. To view the sub-technique, on the plus (+) symbol in the bottom-right corner of a Primary Technique box.

      The box expands to show the sub-techniques.

    To download the coverage details:
    • Click the Download Coverage Details button to download the coverage details as a CSV file which contains the Date Updated, Name, Primary Attack ID, Secondary Attack ID and Description.
    Previous
    Next