Validating ATT&CK Technique Coverage Using EDR Telemetry

Red Canary via YouTube

Overview

Learn how to effectively validate ATT&CK technique coverage through EDR telemetry in this 52-minute technical talk from Red Canary's Detection Validation Engineers. Explore the fundamentals of EDR telemetry analysis at scale and discover methods for breaking down ATT&CK techniques into individual data components. Master functional testing approaches and understand how specific actions translate to telemetry records across different EDR sensors. Gain practical knowledge about tooling that supports test execution and telemetry analysis, while learning to establish automated validation workflows for security teams. Examine real-world examples demonstrating where EDR telemetry succeeds and fails in detecting ATT&CK techniques, drawing from experience handling nearly a petabyte of daily endpoint telemetry. Discover how to initiate system validation processes and leverage the ATT&CK framework as an effective validation discussion tool.

Syllabus

Tidying up your nest: Validating ATT&CK technique coverage using EDR telemetry

Taught by

Red Canary
