ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ATP 3.2 Events show the correct MITRE attack information, but Events pulled through the API do not


Article ID: 173220


Updated On:


Endpoint Detection and Response Advanced Threat Protection Platform


When using the ATP REST API, and Splunk Integration, you do not see the same information as is shown on Events in the ATP Event search.


This issue is resolved in SEDR 4.0. Event data pulled through the API will show MITRE attack data in the fields "event_actor.signature_level_id", "attacks", "attacks.tactic_ids", "attacks.technique_uid", and "attacks.technique_name".