Explore the world of Security Operations Center (SOC) and its relationship with the MITRE ATT&CK framework in this 30-minute conference talk by Mathieu Saulnier at NorthSec 2019. Delve into the history of attacks, the ATT&CK framework, and its Navigator tool. Learn about scoring methodologies, threat detection reporting, and threat modeling techniques. Discover how to leverage the ATT&CK matrix for key performance indicators and explore tools like Sigma, ModularOS Query, and Red Canary for threat hunting and red team automation. Gain valuable insights from a seasoned security professional with extensive experience in SOC implementation, detection, and mentorship across major Canadian institutions.
Overview
Syllabus
Intro
History of Attack
Attack Framework
Attack Navigator
Scoring
Weight
Points
Threat Detection Report
Threat Modeling
Matrix and KPI
Sigma
Modular
OS Query
Tread Hunting
Red Canary
Atomic Friday
RedTeam Automation
Commercial
Key takeaways
Thank you
Taught by
NorthSec
Related Courses
-
The SOC Counter ATT&CK
-
DeTT&CT - Mapping Your Blue Team to MITRE ATT&CK
-
Developing a Converged IT/OT Threat Model Using MITRE ATT&CK
-
Don't Boil the Ocean - Using MITRE ATT&CK to Guide Hunting Activity
3.0 -
Threat Hunting - Using MITRE ATT&CK Against Carbanak Malware
-
Using ATT&CK Framework for Defensive Cybersecurity Operations
