Query Details
MITRE Tactic Incident
Query
//Displaying the MITRE tactics assigned to Incidents SecurityIncident | extend MITRE_ = tostring(parse_json(tostring(AdditionalData.tactics))[0]) | project IncidentNumber, Title, MITRE_
Explanation
This query displays the MITRE tactics assigned to security incidents. It retrieves the incident number, title, and the corresponding MITRE tactic for each incident.
Details
Rod Trent
Released: March 16, 2022
Tables
SecurityIncident
Keywords
SecurityIncident,AdditionalData,MITRE_,IncidentNumber,Title
Operators
extendtostringparse_json[0]project