Create Att&ck Layer from TTP List - Workflow Template

Receives a list of TTPs and returns an Att&ck layer in JSON and SVG formats.

Updated over 7 months ago

This Torq workflow template, "Create Att&ck Layer from TTP List," processes a list of Tactics, Techniques, and Procedures (TTPs) and outputs a visual representation. When techniques are absent, it enriches tactics information and creates a MITRE ATT&CK layer in both JSON and SVG formats. Ideal for cybersecurity teams, the workflow aids in threat hunting and case management by highlighting techniques and sub-techniques, thus enhancing situational awareness and incident response capabilities.

Optional Triggers

"Use this workflow as a nested function."

Use Cases

CSPM, Case Management, DSPM, Function, Threat Hunting

Workflow Breakdown

  1. Receives a list of Tactics (TA0002) and Techniques (T1028).

  2. Enriches Tactics when Techniques are not found.

  3. Highlights techniques and sub-techniques in the Att&ck Layer.

  4. Creates a Layer in JSON format.

  5. Converts the JSON Layer to an SVG image.
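
Steps 1 to 4 can be sketched as follows. This is an added example, not Torq's implementation: it assumes the output follows the ATT&CK Navigator layer field names, that "enrich" means expanding a tactic into its techniques when the list contains no technique IDs, and it uses a small constructed lookup table in place of the full ATT&CK dataset. `build_layer` and `TACTIC_TECHNIQUES` are hypothetical names.

```python
import json
import re

# Constructed excerpt of a tactic -> (shortname, techniques) lookup.
# Assumption: a real workflow would query the full ATT&CK dataset.
TACTIC_TECHNIQUES = {"TA0002": ("execution", ["T1059", "T1053", "T1204"])}
TACTIC_RE = re.compile(r"TA\d{4}")
TECHNIQUE_RE = re.compile(r"T\d{4}(\.\d{3})?")


def _entry(entries, tid):
    """Get or create the layer entry for one technique ID."""
    return entries.setdefault(tid, {"techniqueID": tid, "enabled": True})


def build_layer(ttps, name="TTP layer", color="#e60d0d"):
    """Build a Navigator-style layer dict that highlights the given IDs."""
    ids = [t.strip().upper() for t in ttps if t.strip()]
    bad = [t for t in ids
           if not (TACTIC_RE.fullmatch(t) or TECHNIQUE_RE.fullmatch(t))]
    if bad:  # reject anything that is not an ATT&CK ID before building
        raise ValueError(f"not ATT&CK IDs: {bad}")
    entries = {}
    for tid in filter(TECHNIQUE_RE.fullmatch, ids):
        _entry(entries, tid)["color"] = color
        if "." in tid:  # sub-technique: expand its parent so it is visible
            _entry(entries, tid.split(".")[0])["showSubtechniques"] = True
    if not entries:  # no techniques supplied: expand tactics (assumed rule)
        for tac in filter(TACTIC_RE.fullmatch, ids):
            shortname, techs = TACTIC_TECHNIQUES.get(tac, (None, []))
            for tid in techs:
                _entry(entries, tid).update(
                    color=color, tactic=shortname, comment=f"from {tac}")
    return {"name": name, "versions": {"layer": "4.5"},
            "domain": "enterprise-attack",
            "techniques": list(entries.values())}


if __name__ == "__main__":
    # IDs taken from the page's step 1 example.
    print(json.dumps(build_layer(["TA0002", "T1028"]), indent=2))
```

Validating the IDs before building the layer keeps malformed or free-text input from a case field out of the JSON that is later rendered to SVG.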

Vendors

Scripting, Utils

Workflow Output

The output contains the Att&ck Layer in JSON format and a Base64-encoded SVG image.

Tips

Use a Quick Action from a case to automatically attach layers when doing Threat Hunting