MITRE ATT&CK Heatmap

The MITRE ATT&CK Heatmap tab on the Attack Path page provides a holistic view of your data based on tactics and techniques from the Mitre Att&ck framework.

Tenable Exposure Management presents the MITRE ATT&CK data in a table format that enables you to quickly prioritize and remediate critical vulnerabilities that are most relevant to your organization.

Tip: Check out the full list of Attack Path Techniques to view tactics, techniques, and the Tenable applications that trigger them.

To access the MITRE ATT&CK Heatmap tab:

  1. Do one of the following:

    • In the left navigation menu, click Attack Path > ATT&CK Heatmap.

    • At the top of the Attack Path page, click the ATT&CK Heatmap tab.

    The MITRE ATT&CK Heatmap tab appears.

  2. Do one of the following:

    • To view data based on enterprise tactics and techniques, in the left panel, click the Enterprise tab.

      1. (Optional) Filter the table by platform type by selecting one of the available filters:

        • PRE

        • Windows

        • MacOS

        • Linux

        • Cloud

        • Containers

    • To view data based on ICS (Industrial Critical Systems) tactics and techniques, in the left panel, click the ICS tab.

Tenable Exposure Management displays the relevant Mitre Att&ck data in a table format that includes the following details:

  • Each column in the MITRE ATT&CK Heatmap table represents an enterprise tactic and its techniques. The column header shows the name of the enterprise tactic and the column shows its associated techniques.

    For example, Gather Victim Host Information, Gather Victim Identity Information, and so on are enterprise techniques related to Reconnaissance enterprise tactic.

  • Table cells are color-coded to indicate the following information:

    • Gray — Tenable does not currently support these techniques.

    • White — While Tenable supports these techniques and detects them, they are not relevant to your organization.

  • Click on a cell to view top related attack paths and techniques:

    1. Click the button.

      A list of sub-techniques appears.

      Note: If there are no sub-techniques for a technique, only the icon is available.

    2. Click the button.

      A menu appears:

      • View Top Attack Techniques — Navigate to the Top Attack Techniques page to view the attack techniques list filtered by the selected technique or sub-technique.

      • View Attack Paths — Navigate to the Top Attack Paths page to view all possible attack paths for the selected technique or sub-technique.

        Tip: Each menu option includes the number of attack techniques and attack paths available for the selected technique or sub-technique.

When viewing the MITRE ATT&CK Heatmap tab, you can do the following:

  • Use the Search bar at the top of the table to search for specific techniques or sub-techniques.

  • Click the Show All Techniques toggle to view only the cells that are color-coded by severity. This hides the white and gray cells in the heatmap table and shows only the techniques relevant to your organization.

  • Click on a severity level to filter the page by severity.