Threat Hunting with ATT&CK Technique "X"

Logo
Presented by

Brian Coulson, Dan Kaiser, and Sally Vincent

About this talk

Threat hunting with MITRE ATT&CK techniques can be approached in several ways. Join members of the LogRhythm Labs team as they take you on a journey of how to use MITRE ATT&CK techniques and LogRhythm to make your threat hunting activities more valuable and effective. They will start the journey using the known techniques of MITRE ATT&CK Group APT 29, also known as the Russian threat actor group The Dukes or Cozy Bear. The team will describe the known Indicators of Compromise (IOCs) like file hashes, IP addresses, etc., and how IOCs play into MITRE ATT&CK technique searches, and dashboards. Finally, the team will dig into more unknown, or suspicious activity based on the techniques by focusing on encoded PowerShell. You’ll Learn: - Threat hunting made easy using MITRE ATT&CK techniques - How to create custom LogRhythm dashboards and searches. - Moving from known, to unknown, and back to known to increase your detection capabilities

Related topics:

More from this channel

Upcoming talks (4)
On-demand talks (156)
Subscribers (61657)
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com. To learn more, please visit logrhythm.com.