Feature Request – Add MITRE ATT&CK Mapping Field to Vulnerabilities

[Kaiser11-dev]

I would like to suggest adding a dedicated field in the vulnerability reporting section to map each finding to its corresponding MITRE ATT&CK technique ID (e.g., T1190 – Exploit Public-Facing Application).

While I understand that this might not be strictly necessary for all use cases, I believe it would provide significant added value by giving a clearer tactical context to each vulnerability.

Thank you for considering this enhancement, as it would bring additional context and value to SysReptor reports.

[aronmolnar]

Thank you for this suggestion.

This seems to be possible from a license perspective: https://attack.mitre.org/resources/legal-and-branding/terms-of-use/
(We need to include the license if we add a field.)

[jdelta1]

You could create an enum finding field yourself and add them that way. That's how we do "root cause" including OWASP top 10.

[Kaiser11-dev]

You could create an enum finding field yourself and add them that way. That's how we do "root cause" including OWASP top 10.

Yup, I will do that way. Should I close this feature request?