@dplumlee
Contributor

Backport

This will backport the following commits from main to 9.1:

Questions?

Please refer to the Backport tool documentation

## Summary

Addresses: elastic#166152 for `9.3.0`

Updates MITRE ATT&CK mappings to
[`v18.1`](https://attack.mitre.org/resources/updates/updates-october-2025/).
Last update was to `v17.1` in
elastic#231375.

To update, I modified

https://github.com/elastic/kibana/blob/8da457eaa399310954edf4c98cfc0fb540ae48ad/x-pack/solutions/security/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js#L22

to point to the `ATT&CK-v18.1` tag.

Then ran `yarn extract-mitre-attacks` from the root `security_solution`
plugin directory, and then `node scripts/i18n_check.js --fix` from
Kibana root to regen the i18n files.

## Acceptance Criteria

- [x] User can map and use new MITRE techniques in Security Solution
- [ ] The user-facing documentation is updated with the new version
- [ ] [MITRE ATT&CK®
coverage](https://www.elastic.co/guide/en/security/master/rules-coverage.html)
page
    - [ ] elastic/docs-content#4395

## Test Criteria

- [x] Verify that new techniques (see the changelog link above) are
available for mapping on the Rule Creation page under "Advanced
settings"
- [x] Verify that new techniques are available on the MITRE ATT&CK
coverage page

(cherry picked from commit 6b6a30e)

# Conflicts:
#	x-pack/platform/plugins/private/translations/translations/de-DE.json

@dplumlee added the backport (This PR is a backport of another PR) label Dec 22, 2025
@dplumlee enabled auto-merge (squash) December 22, 2025 17:58
@dplumlee merged commit 17679c2 into elastic:9.1 Dec 22, 2025
17 checks passed
@dplumlee deleted the backport/9.1/pr-246770 branch December 22, 2025 20:38