ATP 3.2 Events show the correct MITRE attack information, but Events pulled through the API do not
Last Updated December 14, 2018
When you use the ATP REST API and the Splunk integration, you do not see the same information that is shown on Events in the ATP Event search.
This issue is resolved in SEDR 4.0. Event data pulled through the API will show MITRE attack data in the fields "event_actor.signature_level_id", "attacks", "attacks.tactic_ids", "attacks.technique_uid", and "attacks.technique_name".