Import ATT&CK Navigator TTPs File

This connector ingests techniques defined in an ATT&CK Navigator layer file, converting them as Attack Patterns. The ATT&CK Navigator (https://mitre-attack.github.io/attack-navigator/) is a tool used to visualize and annotate different tactics and techniques from the MITRE ATT&CK framework. A "layer file" is a file format that represents saved visualizations (layers) of selected techniques within the Navigator tool.

When importing a layer file from ATT&CK Navigator, you have the option to associate the imported techniques with an existing entity in the platform. Here are the types of relationships that can be established based on the selected entity:

• Threats: If the entity is an intrusion set, a threat actor (either individual or group), a malware, or a campaign, the techniques will be linked to the selected entity using a "uses" relationship. This indicates that the techniques are employed by the entity in pursuit of its objectives.
• Security Platform: If the selected entity is a Security Platform, the techniques will be linked to the entity using a "should-cover" relationship. This suggests that the security platform is expected to cover or mitigate these techniques as part of its functional capabilities.
• No Entity Selected: If no entity is selected, the techniques will be imported globally.