Blog archive
2020
2019
2018
- Resilient Workflows and Playbooks
- Implementation – STIX knowledge and relevance graph – steps 16-21
- Implementation – Related IP Addresses – steps 11-15
- Implementation – STIX bundle – steps 7-10
- Implementation – Overview – steps 0-6
- Solution Draft
- Current Security Operations and DFIR problems
- Operationalizing the MITRE ATT&CK framework for Security Operations, Threat Hunting and DFIR
CTI-Stix-Diamond-Activity-Attack-Graph Open Source tool for visualizing STIX 2.1 content
April 2021
in an Attack Graph and Activity Thread Graph by applying The Diamond Model of Intrusion Analysis methodology as well as Tactics (Phases), Techniques and Procedures (TTP) from the MITRE ATT&CK v8.2 framework
More precisely the Attack Graph aims to provide a graphical representation of a known attack scenario sourced by some adversary (Threat Actor) whereas the Activity Thread Graph represents the local findings... Read more
Sign up for FREE online training sessions Intelligence-driven Threat Hunting for improving SOC maturity level
October 2020 - June 2021
with SOAR, MITRE ATT&CK, SANS 6-step IR, The Diamond Model of Intrusion Analysis, Cyber Threat Intelligence, MaGMa Use Case Framework and more
Abstract:
In order to increase their maturity level, SOC organizations frequently introduce intelligence-driven Threat Hunting. Benefits of intel-driven Threat Hunting are... Read more
Rukhsar's recent GCFA Gold paper
December 2019
Read Rukhsar's recent GCFA Gold paper with the title Threat Hunting and Incident Response in a post-compromised environment
