By MITRE ATT&CK
- Last Updated: April 5, 2026
The By MITRE ATT&CK page provides a table view of events grouped by MITRE ATT&CK tactic. Each tactic shows its techniques and the events present, so you can view a list of the events related to that tactic. Events in a group are sorted by event ID.
Data filtering
You can filter the data in the table by search criteria. For clarity, the criteria are divided into basic search criteria, which are always displayed, and advanced search criteria, which are available after clicking More Filters. After applying the criteria, you can share them using the URL. The following search criteria are available:
- Date: The relevant period for displaying the events in the Simple list. You can specify the period directly or choose it from the associated calendar (Custom time interval).
- Perspective: Assigns the priority to the events according to the chosen perspective.
- Source IP: Displays only events where the originator of the events is the IP address specified in this field. It is possible to enter IP addresses in the following formats:
  - Single IP address: for IP versions 4 and 6 (for example, 192.168.2.1, 2001:db8::beef) or a comma-separated list of single IP addresses
  - Network address or mask: for IP versions 4 and 6 (for example, 192.168.1.0/24, fc00::/7)
  - Range of IP addresses: for IP versions 4 and 6 (for example, 10.0.1.2-10.0.1.10, fe80::-fe80::ffff)
  - Wildcard notation for IPv4 addresses (enumeration, range, all): only a single wildcard can be used in one IP address. Examples:
    - 192.168.{1,3,20}.1: IP addresses 192.168.1.1, 192.168.3.1 and 192.168.20.1
    - 10.[1-3].0.0: IP addresses 10.1.0.0, 10.2.0.0 and 10.3.0.0
    - 172.16.*.1: Same as 172.16.[0-255].0
- Targets: Displays only events whose targets are associated with the IP addresses specified in this field. It is possible to specify IP addresses in the same formats that are described above for the Source IP field.
- Data feeds: Displays only events that were detected by inspecting the flows from the specified data feed.
- Methods: Displays only specified events in the Simple list.
- Filters: Allows you to specify the sources of events by choosing a defined filter.
- Event categories: Displays only events that are part of selected categories.
- MITRE ATT&CK techniques: Displays only events that have the selected MITRE ATT&CK techniques assigned. To filter by MITRE ATT&CK tactic, you must select all techniques under the desired tactic. Note that the list does not contain all MITRE ATT&CK techniques, only those that the Anomaly Detection System can detect.
- Applications: Displays only events whose source/target IP addresses are associated with the selected applications.
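
The Source IP and Targets address formats listed above, as an added Python example that is not part of the Flowmon documentation or product code: a matcher that tests one address against one filter expression, which helps when checking an expression against exported events before applying it. The function names, the sample events, and the handling of edge cases (inclusive ranges, `*` covering 0-255 in its octet) are assumptions.

```python
import ipaddress
import re

# One wildcard token in an IPv4 octet: {a,b,c} enumeration, [lo-hi] range, * all
_WILDCARD = re.compile(r"\{[\d,]+\}|\[\d+-\d+\]|\*")

def _octet_values(token):
    """Expand a wildcard token into the set of octet values it covers."""
    if token == "*":
        return set(range(256))
    if token.startswith("{"):
        return {int(v) for v in token[1:-1].split(",") if v}
    lo, hi = (int(v) for v in token[1:-1].split("-"))
    return set(range(lo, hi + 1))

def matches(expr, ip):
    """Return True if address `ip` is covered by filter expression `expr`."""
    addr, expr = ipaddress.ip_address(ip), expr.strip()
    wildcards = _WILDCARD.findall(expr)
    if wildcards:
        parts = expr.split(".")
        if len(wildcards) > 1 or len(parts) != 4:
            raise ValueError("one wildcard in one dotted-quad IPv4 address only")
        octets = str(addr).split(".") if addr.version == 4 else []
        return len(octets) == 4 and all(
            int(o) in (_octet_values(p) if _WILDCARD.fullmatch(p) else {int(p)})
            for p, o in zip(parts, octets))
    if "," in expr:   # comma-separated list of single addresses
        return any(addr == ipaddress.ip_address(p.strip()) for p in expr.split(","))
    if "/" in expr:   # network address with mask
        net = ipaddress.ip_network(expr, strict=False)
        return addr.version == net.version and addr in net
    if "-" in expr:   # inclusive range, both ends of the same IP version
        lo, hi = (ipaddress.ip_address(p.strip()) for p in expr.split("-", 1))
        return lo.version == hi.version == addr.version and lo <= addr <= hi
    return addr == ipaddress.ip_address(expr)

# Constructed sample events (event ID, source IP); not real ADS output
EVENTS = [(101, "192.168.3.1"), (102, "192.168.2.1"), (103, "10.2.0.0"),
          (104, "fd12::1"), (105, "10.0.1.11")]

def filter_events(expr, events=EVENTS):
    """IDs of the events whose source IP is covered by the expression."""
    return [eid for eid, src in events if matches(expr, src)]

if __name__ == "__main__":
    for expr in ("192.168.{1,3,20}.1", "10.[1-3].0.0", "fc00::/7",
                 "10.0.1.2-10.0.1.10"):
        print(expr, "->", filter_events(expr))
```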