Mitre information missing from incident
Greetings
I have a tough time getting the MITRE parsing to work for one of my integrations. It's a security platform that's sending incidents to Sentinel using CEF, and they arrive in Log Analytics looking like this (it's been truncated for clarity, etc.).
Now, in the analytics rule under Alert Details, I've tried different settings for the tactics and/or techniques using either the mitre_id column or mitre_name, but none of those ever show up in the incident.
Does anyone have any pointers on how to get this to work?
/Fredrik
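An added example, not code from the original post or from the poster's security platform: a small CEF parser that pulls the mitre_id and mitre_name extension fields out of an event and shapes them into the tactic/technique values an analytics rule would project. The CEF line is constructed, since the poster's truncated sample is not on the page, and it is assumed that mitre_id carries an ATT&CK technique ID and mitre_name an ATT&CK tactic name. The normalized tactic format (tactic name with spaces removed, e.g. CredentialAccess) is an assumption to verify against the Sentinel documentation for the rule type in use.

```python
"""Parse a CEF event and shape its MITRE fields for a Sentinel analytics rule.

Added example, not from the original post. The sample event is constructed;
mitre_id and mitre_name are assumed to hold a technique ID and a tactic name.
"""
import re

# Constructed sample event. Besides mitre_id/mitre_name it only uses ordinary
# CEF extension keys (src, suser, msg).
SAMPLE_CEF = (
    "CEF:0|ExampleVendor|ExamplePlatform|1.0|100|Suspicious login|7|"
    "src=10.0.0.5 suser=alice mitre_id=t1110.001 mitre_name=Credential Access "
    "msg=Brute force from 10.0.0.5"
)

_HEADER_KEYS = ("version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")
_TECHNIQUE_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")


def _unescape(text, chars):
    # CEF escapes '|' in the header and '=' in extension values with a backslash.
    for ch in chars:
        text = text.replace("\\" + ch, ch)
    return text.replace("\\\\", "\\")


def _parse_extension(ext):
    # Extension is key=value pairs whose values may contain spaces, so locate
    # the keys first and take everything between two keys as the value.
    fields = {}
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_]+)=", ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].strip(), "=")
    return fields


def parse_cef(line):
    """Return {'header': {...}, 'extension': {...}} for one CEF line."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF event")
    # Split on the 7 unescaped pipes of the header; the rest is the extension.
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) < 8:
        raise ValueError("CEF header is incomplete")
    header = {k: _unescape(v, "|") for k, v in zip(_HEADER_KEYS, parts[:7])}
    header["version"] = header["version"][len("CEF:"):]
    return {"header": header, "extension": _parse_extension(parts[7])}


def normalize_tactic(name):
    """'Credential Access' or 'credential-access' -> 'CredentialAccess'.

    Assumption: the tactic column is expected to hold the ATT&CK tactic name
    without spaces; check this against the Sentinel docs for your rule type.
    """
    words = re.split(r"[\s_\-]+", name.strip())
    return "".join(w[:1].upper() + w[1:].lower() for w in words if w)


def normalize_technique(value):
    """'t1110.001' -> 'T1110.001'; anything that is not an ATT&CK ID -> None."""
    candidate = value.strip().upper()
    return candidate if _TECHNIQUE_RE.match(candidate) else None


def _split_multi(value):
    # Some products pack several tactics/techniques into one field, separated
    # by commas or semicolons; an empty field yields an empty list.
    return [v for v in re.split(r"\s*[,;]\s*", value) if v]


def to_alert_columns(line, tactic_key="mitre_name", technique_key="mitre_id"):
    """Build the tactic/technique columns an analytics rule would project."""
    event = parse_cef(line)
    ext = event["extension"]
    tactics = [normalize_tactic(t) for t in _split_multi(ext.get(tactic_key, ""))]
    techniques = [normalize_technique(t) for t in _split_multi(ext.get(technique_key, ""))]
    return {
        "name": event["header"]["name"],
        "severity": event["header"]["severity"],
        "tactics": tactics,
        # Drop values that are not ATT&CK IDs rather than passing junk through.
        "techniques": [t for t in techniques if t],
        "raw_tactic": ext.get(tactic_key),
        "raw_technique": ext.get(technique_key),
    }


if __name__ == "__main__":
    print(to_alert_columns(SAMPLE_CEF))
```

Running it on the constructed event yields tactics ["CredentialAccess"] and techniques ["T1110.001"]. The same reshaping would have to happen in the rule's KQL (an `extend` that strips spaces from the tactic name and upper-cases the technique ID) before those columns are selected under Alert Details; whether that format is what the incident mapping expects is the assumption to confirm first.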