Rule Group Reporting
The rule groups are reflected in the intrusion events generated and MITRE tactics and techniques are also called out. There are columns for MITRE tactics and techniques and for non-MITRE rule groups for intrusion events. To access the intrusion events, in management center, go to , and click the Table View of Events tab. You can also view the intrusion event fields in the Unified Events viewer. In the Analysis tab, click Unified Events.
In the Intrusion Events page, the following fields are added for rule group reporting. Note that you must explicitly enable the mentioned columns.
-
MITRE ATT&CK
-
Rule Group
For information about these fields, see the section Intrusion Event Fields in the Cisco Secure Firewall Management Center Administration Guide, 7.3.