Introducing ATT&CK Detections Collector

The Splunk SURGe team loves to automate and simplify mundane tasks. Through rapid response blogs, we provide context and analysis on late breaking security events that affect everyone, not just Splunk customers. We are firm believers that through shared knowledge and experience we can help the masses better understand the threat landscape and how they can improve their security posture.

Your Security Operations Cheat Sheet for Windows and Linux Logs (And How to Tie Them to the MITRE ATT&CK Framework)

Within the security operations center, visibility is everything. Being aware of the details of users, assets, known threats, and specific vulnerabilities present across security, network, server, application and database sources allows security operations teams to act quickly and decisively to address possible risks.

Using Mitre Att&CK with threat intelligence to improve Vulnerability Management

Threat actors are constantly evolving their tactics and techniques in the attack lifecycle and infiltrate company infrastructure. While most organizations are already performing vulnerability management based on CVEs by MITRE, few have considered the powerful correlations between threat intelligence, CVEs and the ATT&CK® framework. In this blog we highlight the benefits of bringing them together to drive focused remediation and improve cyber defense.

Nuts and bolts of MITRE ATT&CK framework

To thrive in today’s cybersecurity landscape, learning the art of defence is essential, and layering this approach with Att&ck framework techniques has become a necessity. It means your organization needs to have a cybersecurity team to ensure that every aspect of your infrastructure is secured through processes, technical controls, and people.

Integrating MITRE ATT&CK with Cloud SOAR to optimize SecOps and Incident Response

Today’s complex cyber threats leave no room for mediocrity. Security analysts must know who is attacking them, how the attacker gained access, what methods they used to infiltrate your systems, and what their next move might be. However, modern cyber threats leave no recognizable patterns in their behavior, making threat anticipation harder than ever. To boost their threat hunting capabilities, SOC teams must implement advanced technologies and strategic techniques.

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.

Why do we need a MITRE ATT&CK-style framework for bots?

Since launching in 2015, MITRE’s ATT&CK framework has been the cybersecurity industry standard for understanding cyber-attacks and their kill chains. Now the BLADE framework is set to develop a similar understanding of business logic attacks fueled by malicious bots. In this post, we will look at why MITRE ATT&CK is so important and examine why BLADE is needed now more than ever.

Tripwire Tips and Tricks: Five Things to Do With MITRE ATT&CK

In this session of the Tripwire Tips and Tricks series, you'll learn how to use the MITRE ATT&CK framework to protect your organization from cyberattacks. Tripwire Security Researcher David Lu will walk you through five key use cases for the framework, helping you deepen your understanding of mapping defensive controls to the framework, threat hunting, incident response, and more.