Skip to main content

MITRE ATT&CK - Courses of Action

Download With Dependencies

Looking for actionable intelligence? This intelligence-driven Pack provides manual or automated remediation of MITRE ATT&CK techniques.

The process of ingesting quality threat intelligence, mapping the intelligence reports into MITRE ATT&CK tactics and techniques, and then translating this information into reliable and usable remediation steps can be tedious and very time consuming. This MITRE ATT&CK - Courses of Action Pack contains intelligence-driven Courses of Action (COA) defined by Palo Alto Networks Unit 42 team, that will enable you to handle MITRE ATT&CK techniques and sub-techniques in an organized and automated manner. This will make sure your organization is not only blocking specific reported IOCs but also taking a more holistic approach to prevent future attacks.

Using this content Pack, you can automate this whole process and have all of the information gathered in one place to help you keep your organization protected.
Each technique is mapped out-of-the-box into the specific Courses of Action that your organization needs in order to stay protected, using Palo Alto Networks products.

With this Pack, you can reduce the time your teams spend on consuming threat intelligence and translating the reports into action items, and on sustaining best practices policies for your security products.

What does this Pack do?

  • Automatically maps MITRE ATT&CK Techniques into Courses of Action playbooks.
  • Takes action to remediate the techniques throughout Palo Alto Networks security products, following the MITRE ATT&CK kill chain.
  • Checks existing profiles against best practices and suggests manual or automated policy changes.
  • The playbooks in the Pack can be triggered manually, by a job, by an incident, or by any threat intelligence feed.
  • MITRE ATT&CK techniques are the playbook inputs and therefore playbooks can be triggered by any 3-rd party tools mapping to this framework.
  • When used with Unit 42 feed ingesting Actionable Threat Objects and Mitigations (ATOMs) - get notified as soon as there is a new threat actor report and take action immediately.

For more information, please refer to the MITRE ATT&CK - Courses of Action article.

MITRE ATT&CK Dashboard
MITRE_Dashboard

Unit 42 STIX Report Indicators
Maze_Ransomware

MITRE ATT&CK - Courses of Action Sample Playbook
Courses_of_Action

The process of ingesting quality threat intelligence, mapping the intelligence reports into MITRE ATT&CK tactics and techniques, and then translating this information into reliable and usable remediation steps can be tedious and very time consuming. This MITRE ATT&CK - Courses of Action Pack contains intelligence-driven Courses of Action (COA) defined by Palo Alto Networks Unit 42 team, that will enable you to handle MITRE ATT&CK techniques and sub-techniques in an organized and automated manner. This will make sure your organization is not only blocking specific reported IOCs but also taking a more holistic approach to prevent future attacks.

Using this content Pack, you can automate this whole process and have all of the information gathered in one place to help you keep your organization protected.
Each technique is mapped out-of-the-box into the specific Courses of Action that your organization needs in order to stay protected, using Palo Alto Networks products.

With this Pack, you can reduce the time your teams spend on consuming threat intelligence and translating the reports into action items, and on sustaining best practices policies for your security products.

What does this Pack do?

  • Automatically maps MITRE ATT&CK Techniques into Courses of Action playbooks.
  • Takes action to remediate the techniques throughout Palo Alto Networks security products, following the MITRE ATT&CK kill chain.
  • Checks existing profiles against best practices and suggests manual or automated policy changes.
  • The playbooks in the Pack can be triggered manually, by a job, by an incident, or by any threat intelligence feed.
  • MITRE ATT&CK techniques are the playbook inputs and therefore playbooks can be triggered by any 3-rd party tools mapping to this framework.
  • When used with Unit 42 feed ingesting Actionable Threat Objects and Mitigations (ATOMs) - get notified as soon as there is a new threat actor report and take action immediately.

For more information, please refer to the MITRE ATT&CK - Courses of Action article.

MITRE ATT&CK Dashboard
MITRE_Dashboard

Unit 42 STIX Report Indicators
Maze_Ransomware

MITRE ATT&CK - Courses of Action Sample Playbook
Courses_of_Action

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedDecember 31, 2022
Last ReleaseDecember 19, 2023
Threat Intelligence Management
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.