Debs
Newcomer I

How can MITRE ATT&CK best be used for building SIEM use cases?

I'm interested to hear about the practical usage of the MITRE framework in building SIEM use cases.

1 Reply
tmekelburg1
Community Champion

  1. Research which threat actors are targeting your specific industry
  2. APT29 (Cozy Bear), just as an example
  3. Look at the 'Techniques Used' section within APT29
  4. Start at the top of the 'ID' field, with T1548 Abuse Elevation Control Mechanism
  5. Use the 'Detection' section to see which events need to be monitored and sent to the SIEM
  6. Repeat until all techniques can be monitored by the SIEM

Some techniques overlap with other APT groups so I wouldn't use it for attribution necessarily.