Hi Amit,
We're running UCM 3.6 with ATT&CK v11.3.
And you're right! It seems like there are no techniques for ICS implemented, even in the current release of UCM and as described for release 3.5 :(
------------------------------
Ralph Belfiore
SIEM Expert
pro4bizz GmbH
Karlsruhe
+4972190981727
------------------------------
Original Message:
Sent: Wed February 01, 2023 01:21 AM
From: Amit Thakur
Subject: Want to map my rules with ICS MITRE ATT&CK techniques
Hi!!!
I am using the latest version of Use Case Manager, and in the features added to version 3.5.0 it is mentioned that there are techniques available for ICS, which is updated to MITRE v11.1, but I could not see any techniques posted by MITRE ATT&CK for ICS in Use Case Manager, like:
T0878 - Alarm Suppression
T0843 - Program Download
T0838 - Modify Alarm Settings
References: ICS Techniques
IBM Security App Exchange - QRadar Use Case Manager - QRadar 7.3.3 FP6+/7.4.1 FP2+
------------------------------
Amit Thakur
------------------------------