Experience in implementing MITRE ATT&CK on playbooks

Hi community, does anyone have experience implementing MITRE ATT&CK in playbooks? I want to implement it but I don't know how to use it. My log source is a SIEM, QRadar.


G'day Luis,

I suppose the first question would be to identify your use case. What do you hope to use ATT&CK for?

Siemplify's ATT&CK actions allow you to
1. Find reported intrusions (to MITRE) associated to an attack ID/Name
2. Get Details About a TECHNIQUE
3. Get Mitigations for a TECHNIQUE

You mentioned QRadar so I'll assume the initial use case is on ingestion of QRadar Offenses.

You may be using QRadar's ATT&CK mapping, which maps ATT&CK TACTICS to an offense and does have some mapping towards TECHNIQUES.
Depending on how you've set up those mappings, the offenses you bring in might have a TACTIC (like Execution) tagged to the Offense.

If that's the case, I do not see how Siemplify's MITRE integration can help you, as their stuff seems to support the TECHNIQUES.

If you've mapped specific techniques to your offenses then you'll be able to grab that technique, query for the information that Siemplify's actions can provide (similar intrusions, technique details, mitigations) and then output that data as either an Insight, maybe add it as a note to the QRadar Offense, include it in a report or email, etc.

I've not been able to utilize the MITRE integration from Siemplify because I've yet to find a way to automatically determine the TECHNIQUE associated to the event in question. I can determine a TACTIC all day long, but I couldn't magically tell you if it falls under Execution's Shared Modules or Native API.

Some of the Use Cases in the Marketplace actually have some great examples of using the MITRE actions. But again, these require you to know what the technique is. For instance, the DLP Use Case has "Exfiltration over Alternative Protocol" manually entered as a technique to query on.

Probably not the best answer, but I hope it gives inspiration on how to set out using the MITRE integration.
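The enrichment step described in the reply above, as an added example that is not from the thread, from Siemplify or from QRadar: it pulls ATT&CK IDs out of an offense's rule names, returns details and mitigations only when a technique ID is present, and flags tactic-only offenses for analyst mapping. The offense shape, the `extract_ids`/`enrich_offense` names and the tiny ATT&CK extract are assumptions made for this example.

```python
import re
from typing import Dict, List

# Constructed extract of ATT&CK Enterprise covering the techniques the thread mentions.
# A real playbook would load the full knowledge base (e.g. MITRE's STIX bundle); mitigation
# lists here are deliberately partial.
ATTACK: Dict[str, dict] = {
    "T1129": {"name": "Shared Modules", "tactic": "TA0002", "mitigations": ["M1038 Execution Prevention"]},
    "T1106": {"name": "Native API", "tactic": "TA0002",
              "mitigations": ["M1038 Execution Prevention", "M1040 Behavior Prevention on Endpoint"]},
    "T1048": {"name": "Exfiltration Over Alternative Protocol", "tactic": "TA0010",
              "mitigations": ["M1057 Data Loss Prevention", "M1037 Filter Network Traffic"]},
}
TACTICS = {"TA0002": "Execution", "TA0010": "Exfiltration"}

ID_RE = re.compile(r"\b(T\d{4}(?:\.\d{3})?|TA\d{4})\b")

def extract_ids(text: str) -> List[str]:
    """Pull ATT&CK technique/tactic IDs out of free text such as rule names or offense notes."""
    return sorted(set(ID_RE.findall(text)))

def enrich_offense(offense: dict) -> dict:
    """Build an insight for one offense. Only a technique ID yields details and mitigations;
    a tactic-only mapping is reported as such, which is the gap the reply describes."""
    ids = extract_ids(" ".join(offense.get("rules", [])) + " " + offense.get("description", ""))
    techniques = [i for i in ids if i.startswith("T") and not i.startswith("TA")]
    tactics = [i for i in ids if i.startswith("TA")]
    insight = {"offense_id": offense["id"], "tactics": [TACTICS.get(t, t) for t in tactics],
               "techniques": [], "needs_analyst_mapping": not techniques}
    for tid in techniques:
        base = tid.split(".")[0]  # a sub-technique falls back to its parent entry
        entry = ATTACK.get(base)
        if entry is None:
            insight["techniques"].append({"id": tid, "note": "not in local ATT&CK extract"})
            continue
        insight["techniques"].append({"id": tid, "name": entry["name"],
                                      "tactic": TACTICS[entry["tactic"]],
                                      "mitigations": entry["mitigations"]})
    return insight

# Constructed offenses in a simplified QRadar-like shape (real offense objects carry many more fields).
OFFENSES = [
    {"id": 101, "description": "Suspicious DNS volume", "rules": ["DLP: Exfiltration over DNS (T1048)"]},
    {"id": 102, "description": "Process execution anomaly", "rules": ["ATT&CK Execution (TA0002)"]},
]

if __name__ == "__main__":
    for o in OFFENSES:
        print(enrich_offense(o))
```

Offense 102 comes back with `needs_analyst_mapping` set, which is the point where a human still has to decide between, say, Shared Modules and Native API before the technique lookups can run.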

Hi John, thank you very much for the information provided, what you say helps me to take into account the environments in which I should start working.

Happy to help! Definitely worth taking a look at the use cases that have the MITRE icon. They can really help with the workflow development mindset.

Also! If you happen to make something neat feel free to share so we fellow QRadar users can steal it!