Detecting MITRE ATT&CK Techniques

The MITRE ATT&CK Matrix is a knowledge base for threat intelligence. ATT&CK is also used as a common language for threat hunters around the globe.

The following examples illustrate possibilities to detect some of the network-based techniques from the MITRE ATT&CK Matrix using cognitix Threat Defender.

Tip

For additional examples see the following:

• Handling Newly Discovered Assets shows how the automatic discovery of assets can be used to prevent attackers from introducing their own hardware into the network (T1200)

• Creating Correlation Scenarios: Blocking TCP Port Scanners shows the predefined correlation scenario to detect Network Service Scanning (T1046).

• Enabling the predefined DDoS protection scenario detects and blocks the ATT&CK technique T1499.

• Detecting SSH Brute Force
• Detecting Data Obfuscation: Protocol Impersonation

---

Additional References:

• If you want to look up the settings options for network objects, refer to Network Objects in the interface reference.

• If you want to look up the settings options for correlation scenarios, refer to Advanced Correlation in the interface reference.