Beginning the Cyber Security analysis on the right foot is crucial. Else you quickly loose focus and waste all your time.

Security Operations need a holistic approach to analyze known Threat Scenarios with better CTI – strategic & tactical – and better data collection sources.

A sophisticated Threat Intelligence capability can provide real facts, context and inform an organization on the MITRE ATT&CK tactics and techniques on which to focus.

Security Operations and DFIR

Blog archive

2020

Improve your SOC: SOAR or Threat Hunting or both?

2019

Resilient Playbook and automated actions for Threat Hunting and DFIR

Threat Hunting – a relatively new discipline in Cyber defense

2018

Resilient Workflows and Playbooks

Implementation – STIX knowledge and relevance graph – steps 16-21

Implementation – Related IP Addresses – steps 11-15

Implementation – STIX bundle – steps 7-10

Implementation – Overview – steps 0-6

Solution Draft

Current Security Operations and DFIR problems

Operationalizing the MITRE ATT&CK framework for Security Operations, Threat Hunting and DFIR

with SOAR, MITRE ATT&CK, SANS 6-step IR, The Diamond Model of Intrusion Analysis, Cyber Threat Intelligence, MaGMa Use Case Framework and more

Abstract:

In order to increase their maturity level, SOC organizations frequently introduce intelligence-driven Threat Hunting. Benefits of intel-driven Threat Hunting are... Read more

Rukhsar's recent GCFA Gold paper

December 2019

Read Rukhsar's recent GCFA Gold paper with the title Threat Hunting and Incident Response in a post-compromised environment

Download