Extracting MITRE Techniques from SIEM integrations for SIR

This article describes how customers can extract MITRE techniques from events/alerts fetched from SIEM integrations and associate them with the Security Incidents related to a particular event/alert.

Prerequisites:

- Security Incident Response plugin version should be 12.0.0 or more
- Threat Intelligence plugin version should be 12.0.0 or more
- MITRE ATT&CK should be set up as mentioned in the documentation (https://docs.servicenow.com/bundle/quebec-security-management/page/product/threat-intelligence/task/setup-mitre-profile.html)

Process of associating MITRE ATT&CK Techniques provided by the corresponding SIEM integrations with Security Incidents that are ingested from the SIEM:

As part of supporting the MITRE ATT&CK Framework, a few columns are added to the security incident table:

- MITRE ATT&CK Tactic
- MITRE ATT&CK Technique
- MITRE ATT&CK Procedure (Malware)
- MITRE ATT&CK Procedure (Tool)
- MITRE ATT&CK Adversary Group
- MITRE ATT&CK Data Source
- Platforms(MITRE)

Mapping ingested event/alert fields to the above-mentioned columns of the security incident table in the mapping section of the corresponding SIEM integration is not currently supported. (Even if the fields are mapped, the information will not be available as part of the MITRE ATT&CK card created as part of the MITRE ATT&CK Framework in the Security Incident Form View.)

The ideal way to associate MITRE ATT&CK Techniques with a security incident ingested from a SIEM integration (provided the incoming event/alert from the SIEM has MITRE ATT&CK Techniques information) is to use the Auto Extraction Feature built as part of the MITRE ATT&CK Framework in the Threat Intelligence Module.

Documentation for auto extraction of techniques from SIEM integrations: https://docs.servicenow.com/bundle/quebec-security-management/page/product/threat-intelligence/concept/auto-extract-technique-rules.html#siem-auto-extraction