Detecting MITRE ATT&CK Techniques
The MITRE ATT&CK Matrix is a knowledge base for threat intelligence. ATT&CK is also used as a common language for threat hunters around the globe.
The following examples illustrate ways to detect some of the network-based techniques from the MITRE ATT&CK Matrix using cognitix Threat Defender.
Tip:
For additional examples see the following:
Handling Newly Discovered Assets shows how the automatic discovery of assets can be used to prevent attackers from introducing their own hardware into the network (T1200).
Creating Correlation Scenarios: Blocking TCP Port Scanners shows the predefined correlation scenario to detect Network Service Scanning (T1046).
Enabling the predefined DDoS protection scenario detects and blocks the ATT&CK technique T1499.
Additional References:
If you want to look up the settings options for network objects, refer to Network Objects in the interface reference.
If you want to look up the settings options for correlation scenarios, refer to Advanced Correlation in the interface reference.