Symptom
The MITRE data in an intrusion event currently looks like:
ATT&CK Framework > Enterprise > Execution > User Execution > Malicious File
The issue is that this does not make it easy to locate the actual tactic/technique referred to. In order to find this information, the user has to navigate to an intrusion policy, edit the policy, find the MITRE groups and then find the group with this description. Only then can they find the actual MITRE number assigned.
MITRE / ATT&CK Framework / Enterprise / Execution / User Execution / Malicious File (T1204.002)
This enhancement would be to either add this number (in this case T1204.002) to the MITRE column or add another column with this information.
