2 Hours

Using ATT&CK to Map Threat Intelligence to Detections

This workshop will walk through the anatomy of an incident, from mapping incident stages to the ATT&CK tactics and techniques.
Company
This is some text inside of a div block.
Category
This is some text inside of a div block.
Date
This is some text inside of a div block.

Harness the MITRE ATT&CK matrix to your advantage.

With so many possible threats, it might seem daunting to understand how we can learn from our previous incidents, or incidents experienced by other organisations. Traditionally when threat intelligence has been focused on Indicators of compromise (IOCs) it can seem a daunting task to know how to get all that information and put it to good use. The thing is, IOCs are not everything, IOCs are ephemeral. They have a shelf life, and that shelf life can be very short in some instances. So a defence plan that focuses on ingesting IOCs and blocking them will never increase the maturity of a detect and respond capability. This is why MITRE ATT&CK was developed.

“MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.”

This workshop will walk through the anatomy of an incident, from mapping incident stages to the ATT&CK tactics and techniques and then developing detection and mitigation strategies most relevant to that particular threat type.

You'll walk away with:

  • How the MITRE ATT&CK matrix can be used to catalogue threat actor activities during an incident.
  • How we can develop detection and mitigation strategies based on the techniques identified.

Register your interest in MISP Kickstart training from Cosive.

Leave your details with us and we'll let you know about upcoming MISP training workshops in your timezone.

Thank you! We've received your details and will be in touch with future updates.
Oops! Something went wrong while submitting the form.

Register your interest in MISP Kickstart training from Cosive.

Leave your details with us and we'll let you know about upcoming MISP training workshops in your timezone.

Thank you! We've received your details and will be in touch with future updates.
Oops! Something went wrong while submitting the form.