Threat hunting with MITRE ATT&CK techniques can be approached in several ways.
Join members of the LogRhythm Labs team as they take you on a journey of how to use MITRE ATT&CK techniques and LogRhythm to make your threat hunting activities more valuable and effective.
They will start the journey using the known techniques of MITRE ATT&CK Group APT 29, also known as the Russian threat actor group The Dukes or Cozy Bear. The team will describe the known Indicators of Compromise (IOCs) like file hashes, IP addresses, etc., and how IOCs play into MITRE ATT&CK technique searches, and dashboards. Finally, the team will dig into more unknown, or suspicious activity based on the techniques by focusing on encoded PowerShell.
You’ll Learn:
- Threat hunting made easy using MITRE ATT&CK techniques
- How to create custom LogRhythm dashboards and searches.
- Moving from known, to unknown, and back to known to increase your detection capabilities