Improve your detections with the ATT&CK Framework: Ransomware Edition

Read the first part of my ATT&CK series. Read the second part of my ATT&CK series. Read the third part of my ATT&CK series. Ransomware: Today, instead of working from the supposed activity sector of my company, as I did in my last entry, I’m going to work on the most famous and common threat. Ransomware continues to be the main threat for most companies of all sizes and across all sectors, as multiple reports from CTI companies have demonstrated over the last few years.
ATT&CK  CTID  soc 

Improve your detections with the ATT&CK Framework Part 3

See part 1 of this series here. See part 2 of this series here. Prioritizing new detections: Today we continue our journey to improve our network detections. The next step is incorporating real-world threat data. Last time, we built an ATT&CK Navigator layer identifying the TTPs for which we have visibility but no detections. You can see the results in this JSON layer. This is just an example, not based on reality, although I’ve seen similar scenarios in real life :).
ATT&CK  CTID  soc