Threat Hunting with MITRE ATT&CK framework
Medium – Aashish Bande
The MITRE ATT&CK framework can be used in various ways during the threat hunting process. Some of the ways include:

- Identifying attack vectors: By understanding the tactics and techniques used by attackers, threat hunters can focus their efforts on the most critical areas of the network and systems, and quickly identify potential attack vectors.
- Developing hunting hypotheses: The MITRE ATT&CK framework can be used to develop hypotheses about the methods that attackers might use to gain access to a network or system, and to identify potential indicators of compromise.
- Analyzing logs and data: The MITRE ATT&CK framework can be used to identify potential indicators of compromise in logs and data, such as network traffic, system events, and user activity.
- Prioritizing alerts: The MITRE ATT&CK framework can be used to prioritize alerts generated by security tools, such as intrusion detection systems and security information and event management (SIEM) systems.
- Validating incident response: After an incident has been identified, the MITRE ATT&CK framework can be used to validate the incident response process, ensuring that all relevant techniques and tactics were considered and addressed.
- Continuous monitoring: By continuously monitoring the network, systems, and data, organizations can use the MITRE ATT&CK framework to identify new and emerging threats and adapt their threat hunting strategies accordingly.
Link: https://medium.com/@aashish.bande/threat-hunting-with-mitre-att-ck-framework-4dd93649d297