Tags
Language
Tags
March 2024
Su Mo Tu We Th Fr Sa
25 26 27 28 29 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31 1 2 3 4 5 6

DeTT&CT: Mapping Blue Team to ATT&CK

Posted By: lucky_aut
DeTT&CT: Mapping Blue Team to ATT&CK

DeTT&CT: Mapping Blue Team to ATT&CK
Published 12/2022
Duration: 01:02:23 | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 550 MB
Genre: eLearning | Language: English

DeTT&CT Framework
What you'll learn
Understanding How to use DeTT&CT framework Theory & Hands on Implementation
Understand how to Map Your Blue Team To MITRE ATT&CK
MITRE ATT&CK Framework
Why we need DeTT&CT framework
Requirements
Zeal to Learn and Understand DeTT&CT framework
Description
Building detection is a complex task, especially with a constantly increasing amount of data sources. Keeping track of these data sources and their appropriate detection rules or avoiding duplicate detection rules covering the same techniques can give a hard time to detection engineers.
For a SOC, it is crucial to have an good overview and a clear understanding of its actual visibility and detection coverage in order to identify gaps, prioritize the development of new detection rules or onboard new data sources.
DeTT&CT stands for Detect Tactics, Techniques & Combat Threats. This framework has been created at the Cyber Defence Center of Rabobank and is developed and at the time of writing maintained by Marcus Bakker and Ruben Bouman.
The purpose of DeTT&CT is to assist blue teams using MITRE ATT&CK to score and compare data log source quality, visibility coverage and detection coverage. By using this framework, blue teams can quickly detect gaps in the detection or visibility coverage and prioritize the ingest of new log sources.
DeTT&CT delivers a framework than can map the information you have on the entities available in ATT&CK and help you manage your blue teams data, visibility, and detection coverage.
Data Sources:
Data sources are the raw logs or events generated by systems, e.g., security appliances, network devices, and endpoints. ATT&CK has over 30 different data sources which are further divided into over 90 data components. All those data components are included in this framework. These data sources are administered within the data source administration YAML file. For each data source, among others, the data quality can be scored. Within ATT&CK, these data sources are listed within the techniques themselves (e.g. T1003 in the Detection section).


Who this course is for:
Cyber Security Professionals, Incident Responders, Threat Hunter, Cloud Security Professional

More Info