cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Debs
Newcomer I

How best MITRE ATT&CK be used for SIEM usecase built?

I'm interested to hear the practical usage of MITRE framework on building the SIEM usecase?

1 Reply
tmekelburg1
Community Champion

Re: How best MITRE ATT&CK be used for SIEM usecase built?

  1. Research what threat actors are targeting your specific industry
  2. APT 29 Cozy Bear, just as an example
  3. Look at the 'Techniques Used' section within APT29 APT29
  4. Start at the top within the field 'ID' with T1548 Abuse Elevation Control Mechanism
  5. Use the 'Detection' section to look at what events need to be monitored and sent to the SIEM
  6. Repeat until all techniques are able to be monitored by the SIEM

Some techniques overlap with other APT groups so I wouldn't use it for attribution necessarily.