[feat] Create experimental Insider Threat Attack Matrix Annotation Framework 

Based on this [splunk ideas concept](https://ideas.splunk.com/ideas/ESSID-I-231), I think this app would be the perfect way to introduce this in beta. We would need the:
1. [Intelligence download](http://docs.splunk.com/Documentation/ES/7.1.1/RBA/Useriskmappingsincorrelationsearches#Add_the_intelligence_download)
2. [Lookup definition](http://docs.splunk.com/Documentation/ES/7.1.1/RBA/Useriskmappingsincorrelationsearches#Add_the_lookup_definition)
3. [Automatic Lookup](http://docs.splunk.com/Documentation/ES/7.1.1/RBA/Useriskmappingsincorrelationsearches#Add_the_automatic_lookup)

I believe that would be it! Here's the [github repo for the framework](https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb), and here's the [visual representation of the framework](https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fraw.githubusercontent.com%2Fcenter-for-threat-informed-defense%2Finsider-threat-ttp-kb%2Fmain%2Finsider-threat-ttp-kb.json&disable_techniques=false&manual_color=false&scoring=false&comments=false&comment_underline=false&links=false&link_underline=false&metadata=false&clear_annotations=false)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[feat] Create experimental Insider Threat Attack Matrix Annotation Framework #38

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[feat] Create experimental Insider Threat Attack Matrix Annotation Framework #38

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions