The MITRE ATT&CK framework is quickly growing in popularity as an effective way to take a proactive stance on threat detection and response. In this webinar, the presenters go beyond definitions and demonstrate how to apply the MITRE ATT&CK framework to your security monitoring.
Paul Asadoorian and Matt Alderman of Security Weekly provide an overview of the MITRE ATT&CK framework, discuss how to prioritize the capabilities of the framework, and review some of the existing open source tools for testing/mapping to MITRE.
Brian Coulson and Dan Kaiser from LogRhythm explain how to align the MITRE ATT&CK framework with a SIEM platform and how to detect the following common MITRE techniques:
- T1090 – Connection Proxy
- T1048 – Exfiltration Over Alternative Protocol
- T1036 – Masquerading
- T1189 – Drive-by Compromise
- T1035 – Service Execution
In this webinar, you will learn:
- Which MITRE ATT&CK techniques you should prioritize
- The logs you should collect and what to look for
- How to use SIEM technology with ATT&CK for threat hunting
Watch the on-demand webinar now to learn more about the MITRE ATT&CK framework and how to align it with a SIEM platform.