The Specifics
There is a wealth of information available in the MITRE ATT&CK framework, all of which can provide valuable insight to analysts during investigations and guide remediation actions. The current integration available out of the box includes:
Technique Details: How attackers are attempting to compromise your environment.
Mitigations: The steps you should follow to combat the attack.
Associated Intrusions: Related adversaries (intrusion sets) known to have used these attack vectors.
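As an added example (not Siemplify's integration code), this shows how the three facets above are resolved from ATT&CK's public STIX 2.1 bundle: a constructed, trimmed bundle in the same shape stands in for the real download, technique and mitigation IDs are read from external_references, mitigations and groups are reached through relationship objects, and revoked or deprecated entries are skipped so a case is never enriched with retired guidance.

```python
# Constructed, trimmed sample in the shape of the public ATT&CK STIX 2.1 bundle.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "id": "attack-pattern--0001", "name": "Command and Scripting Interpreter",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
    {"type": "course-of-action", "id": "course-of-action--0002", "name": "Execution Prevention",
     "external_references": [{"source_name": "mitre-attack", "external_id": "M1038"}]},
    {"type": "course-of-action", "id": "course-of-action--0003", "name": "Retired Guidance",
     "x_mitre_deprecated": True,  # ATT&CK keeps deprecated objects; enrichment must skip them
     "external_references": [{"source_name": "mitre-attack", "external_id": "M0000"}]},
    {"type": "intrusion-set", "id": "intrusion-set--0004", "name": "Sample Group",
     "external_references": [{"source_name": "mitre-attack", "external_id": "G9999"}]},
    {"type": "relationship", "id": "relationship--0005", "relationship_type": "mitigates",
     "source_ref": "course-of-action--0002", "target_ref": "attack-pattern--0001"},
    {"type": "relationship", "id": "relationship--0006", "relationship_type": "mitigates",
     "source_ref": "course-of-action--0003", "target_ref": "attack-pattern--0001", "revoked": True},
    {"type": "relationship", "id": "relationship--0007", "relationship_type": "uses",
     "source_ref": "intrusion-set--0004", "target_ref": "attack-pattern--0001"},
]}

def attack_id(obj):
    # ATT&CK's own ID (T1059, M1038, G0016) lives in external_references, not in the STIX id
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def is_live(obj):
    # revoked or deprecated objects and relationships stay in the bundle but must not enrich a case
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))

def enrich_technique(bundle, technique_id):
    """Technique details, mitigations and intrusion sets for one ATT&CK technique ID, or None."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    technique = next((o for o in by_id.values() if o["type"] == "attack-pattern"
                      and attack_id(o) == technique_id and is_live(o)), None)
    if technique is None:
        return None  # unknown or retired ID: surface the miss rather than enrich with nothing
    result = {"technique": {"id": technique_id, "name": technique["name"]},
              "mitigations": [], "intrusion_sets": []}
    # inbound edges: course-of-action --mitigates--> technique, intrusion-set --uses--> technique
    for rel in bundle["objects"]:
        src = by_id.get(rel.get("source_ref"))
        if (rel["type"] != "relationship" or rel["target_ref"] != technique["id"]
                or src is None or not (is_live(rel) and is_live(src))):
            continue
        if rel["relationship_type"] == "mitigates" and src["type"] == "course-of-action":
            result["mitigations"].append({"id": attack_id(src), "name": src["name"]})
        elif rel["relationship_type"] == "uses" and src["type"] == "intrusion-set":
            result["intrusion_sets"].append({"id": attack_id(src), "name": src["name"]})
    return result
```

With the real bundle, `by_id` holds tens of thousands of objects, so a playbook step would build it once per run and call `enrich_technique` for each technique ID attached to the case.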
Once downloaded from the Siemplify Marketplace, creating a playbook that collects this data for every case is a snap. Check out this short video for a step-by-step walk-through of the process of connecting your Siemplify SOAR platform to the MITRE ATT&CK framework.
The Benefits
Incorporating the MITRE ATT&CK Framework into your Siemplify Security Operations Platform delivers value from the CISO down to junior SOC staff. Analysts will no longer need to context switch (move from one system to another) to gain the insights available in the framework; those insights are displayed with the case automatically. From a management perspective, maintaining and monitoring MITRE ATT&CK trends in your environment can highlight gaps that might exist in your security architecture. With this information, managers can make data-driven decisions and propose ways to improve the SOC’s overall approach.
More time is what we all need, and with Siemplify and MITRE ATT&CK framework, you’ll start feeling more on schedule – or even ahead.