The MITRE ATT&CK® framework has helped people across the security community adopt a threat-informed mindset and better align their work with understanding and defending against real-world adversaries. But for organizations just getting started, it’s not always clear how to adopt it – sure, the concepts make sense, but how do you actually implement ATT&CK®? For many, the answer lies in understanding where they currently stand: without knowing how your current defenses map to ATT&CK®, it’s hard to see where you should improve.
This MITRE SOC course is designed to address this problem by teaching students how to leverage ATT&CK® to conduct Security Operations Center (SOC) assessments. These assessments are designed to be rapid, low overhead, and broad enough to help the SOC get on its feet with ATT&CK®. Specific subjects we’ll cover include how to analyze SOC technologies such as tools and data sources, how to interview and discuss ATT&CK® with SOC personnel, and how to recommend changes based on assessment results.
Target Audience for the MITRE SOC Course
Anyone involved in, or consulting on, the day-to-day operations of a security operations center who is looking to adopt ATT&CK®.
Prerequisites for this MITRE SOC Training
- An understanding of the ATT&CK® framework through the MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge course
- An understanding of information security, technology, and security operations
MITRE SOC Course Goals
By the end of this MITRE SOC course, students should be able to:
- Understand how SOC technologies map to ATT&CK® at a high level
- Walk through an ATT&CK®-based SOC assessment
- Interview and discuss ATT&CK® with SOC personnel
- Effectively communicate findings with ATT&CK®
- Propose enhancements to better align operations with ATT&CK®
Note: Per our partnership agreement with MITRE Engenuity, MITRE will have access to learner usage data.