Integrate MITRE ATT&CK into investigation flows
Security operations teams are constantly looking to adopt more structured and proactive approaches to improving threat detection. What do you do when faced with a shopping aisle of threat detection tools? You turn to frameworks like MITRE ATT&CK to evaluate possible solutions against a real-world array of adversary tactics, techniques, and procedures (TTPs).
The MITRE ATT&CK Framework is a valuable threat detection guide, but that is where it ends. Analysts still need to do the work of searching separate locations, or resorting to Google, to understand the implications of a given detection or to find out where on the Framework a particular detection might have relevance.
ExtraHop offers easier ways to integrate ATT&CK into investigation flows. Its existing detection cards automatically provide background information about attack behaviours, as well as links to MITRE ATT&CK TTPs. Users can view detections on a visual matrix, mapped to the MITRE ATT&CK Framework, as well as search their environment for detections by MITRE ATT&CK code.
Watch this three-minute video to see how the new feature works, then dive into the free online demo to try it for yourself!
If you’d like to explore our security solutions, contact us at sales@bluelabeltech.com