The Cybersecurity and Infrastructure Security Agency (CISA) has released Best Practices for MITRE ATT&CK Mapping, a guide that uses instructions and examples to show analysts how to map adversary behavior to the framework. The MITRE ATT&CK framework supports a shared understanding of adversary behavior, which helps organizations identify defensive gaps, assess security tool capabilities, hunt for threats, and more. Many of CISA’s alerts and advisories use the framework, which enables the agency to produce a set of mappings to develop adversary profiles; conduct activity trend analyses; and detect, respond to, and mitigate threats. CISA observes that an increase in the number of organizations integrating the ATT&CK framework into their analyses will have a positive impact on the efficiency and efficacy of information sharing within the community. Read the guide at CISA.