[8.19] [Security Solution] Updates kibana MITRE data to v18.1 (#246770)#247300

Merged: dplumlee merged 1 commit into elastic:8.19 from dplumlee:backport/8.19/pr-246770, Dec 22, 2025
@dplumlee
Contributor

Backport

This will backport the following commits from main to 8.19:

Questions ?

Please refer to the Backport tool documentation


## Summary

Addresses: elastic#166152 for `9.3.0`

Updates MITRE ATT&CK mappings to
[`v18.1`](https://attack.mitre.org/resources/updates/updates-october-2025/).
Last update was to `v17.1` in
elastic#231375.

To update, I modified

https://github.com/elastic/kibana/blob/8da457eaa399310954edf4c98cfc0fb540ae48ad/x-pack/solutions/security/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js#L22

to point to the `ATT&CK-v18.1` tag.

Then ran `yarn extract-mitre-attacks` from the root `security_solution`
plugin directory, and then `node scripts/i18n_check.js --fix` from
Kibana root to regen the i18n files.

## Acceptance Criteria

- [x] User can map and use new MITRE techniques in Security Solution
- [ ] The user-facing documentation is updated with the new version
- [ ] [MITRE ATT&CK® coverage](https://www.elastic.co/guide/en/security/master/rules-coverage.html) page
    - [ ] elastic/docs-content#4395

## Test Criteria

- [x] Verify that new techniques (see the changelog link above) are
available for mapping on the Rule Creation page under "Advanced
settings"
- [x] Verify that new techniques are available on the MITRE ATT&CK
coverage page

(cherry picked from commit 6b6a30e)

# Conflicts:
#	x-pack/platform/plugins/private/translations/translations/de-DE.json
#	x-pack/platform/plugins/private/translations/translations/fr-FR.json
#	x-pack/platform/plugins/private/translations/translations/zh-CN.json
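
A version bump like the one described above can be checked by diffing technique IDs between the old and new ATT&CK STIX bundles, which gives a concrete list to test in the rule editor and on the coverage page. This is an added example, not code from the Kibana repository: the function names, bundles and `T9xxx` IDs are constructed, and it assumes the ATT&CK STIX 2.x field names.

```javascript
// Added example: constructed sample data, not real ATT&CK content.
// Field names follow the ATT&CK STIX 2.x bundle layout (assumption).
function technique(id, name, tactics, extra = {}) {
  return {
    type: 'attack-pattern',
    name,
    external_references: [{ source_name: 'mitre-attack', external_id: id }],
    kill_chain_phases: tactics.map((t) => ({ kill_chain_name: 'mitre-attack', phase_name: t })),
    ...extra,
  };
}
const oldBundle = { type: 'bundle', objects: [
  technique('T9001', 'Sample A', ['execution']),
  technique('T9002', 'Sample B', ['persistence']),
] };
const newBundle = { type: 'bundle', objects: [
  technique('T9001', 'Sample A', ['execution', 'defense-evasion']),
  technique('T9002', 'Sample B', ['persistence'], { revoked: true }),
  technique('T9003', 'Sample C', ['discovery']),
  technique('T9003.001', 'Sample C1', ['discovery'], { x_mitre_is_subtechnique: true }),
] };

// Map technique ID -> sorted tactic list, skipping revoked/deprecated objects.
function indexTechniques(bundle) {
  const out = new Map();
  for (const obj of bundle.objects) {
    if (obj.type !== 'attack-pattern' || obj.revoked || obj.x_mitre_deprecated) continue;
    const ref = (obj.external_references || []).find((r) => r.source_name === 'mitre-attack');
    if (!ref) continue;
    const tactics = (obj.kill_chain_phases || [])
      .filter((p) => p.kill_chain_name === 'mitre-attack')
      .map((p) => p.phase_name).sort();
    out.set(ref.external_id, tactics.join(','));
  }
  return out;
}

// added: new IDs to test in the rule editor; removed: IDs existing rules may
// still reference; retagged: IDs whose tactic placement changed.
function diffTechniques(before, after) {
  const a = indexTechniques(before);
  const b = indexTechniques(after);
  const added = [...b.keys()].filter((id) => !a.has(id)).sort();
  const removed = [...a.keys()].filter((id) => !b.has(id)).sort();
  const retagged = [...b.keys()].filter((id) => a.has(id) && a.get(id) !== b.get(id)).sort();
  return { added, removed, retagged };
}

console.log(diffTechniques(oldBundle, newBundle));
```

The `removed` list is the one to review against existing detection rules, since a rule mapped to a revoked or deprecated technique will no longer line up with the updated coverage data.
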
@dplumlee dplumlee added the backport This PR is a backport of another PR label Dec 22, 2025
@dplumlee dplumlee enabled auto-merge (squash) December 22, 2025 18:04
@elasticmachine
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #51 / APM API tests service_maps/service_maps.spec.ts trial apm_8.0.0 Service Map with data /internal/apm/service-map with data returns the correct data
  • [job] [logs] FTR Configs #52 / Product intercept for upgrade event page load checks displays the upgrade intercept if it's display condition is met

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 9.5MB | 9.5MB | +4.1KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| kbnUiSharedDeps-srcJs | 3.7MB | 3.7MB | -129.0B |

@dplumlee dplumlee merged commit 4945bef into elastic:8.19 Dec 22, 2025
17 checks passed
@dplumlee dplumlee deleted the backport/8.19/pr-246770 branch December 22, 2025 20:38