MITRE ATT&CK is a knowledge base and framework that lists and details adversary tactics and techniques within a common taxonomy. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviors.
In this webinar, Randy Franklin Smith of Ultimate Windows Security and Brian Coulson of LogRhythm will introduce viewers to MITRE ATT&CK, as well as:
- Share various ways to use ATT&CK, specifically in relation to designing, enhancing, assessing, and maintaining your security monitoring efforts.
- Discuss LogRhythm Labs’ project that includes aligning the ATT&CK matrix with log sources.
- Walk through an example of the MITRE attack process from start to finish while focusing on rule development and alignment in the LogRhythm NextGen SIEM Platform.
Brian Coulson, from LogRhythm Labs, is leading an outstanding project at LogRhythm Labs where-in he will show you how they’re aligning the ATT&CK matrix with log sources, including windows event logs (XML – Security, XML Sysmon 8.0 and XML-System). While the matrix is wide spread in what it monitors, there are effective ways to filter around common and relevant detection techniques and logs.