Detect MITRE ATT&CK Techniques

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations; the ATT&CK Matrix arranges those techniques under the tactics they serve. Because every technique has a stable identifier (for example T1200 or T1499), ATT&CK also serves as a common language for threat hunters, detection engineers and incident responders around the globe.

The following examples illustrate how some of the network-based techniques from the MITRE ATT&CK Matrix can be detected using cognitix Threat Defender.

Tip

For additional examples see the following:

  • Handle Newly Discovered Assets shows how the automatic discovery of assets can be used to detect and respond to attackers introducing their own hardware into the network (T1200, Hardware Additions).

  • Enabling the predefined DDoS protection scenario detects and blocks the ATT&CK technique T1499 (Endpoint Denial of Service).
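The two detections listed above, asset discovery for T1200 and volumetric flood detection for T1499, both reduce to simple rules over network flow records, and a correlation step then ties findings back to the host that produced them. The script below is an added, vendor-independent illustration of that logic; it is not Threat Defender's own code or data model. The flow record layout, the asset inventory, the thresholds and the IP/MAC values are all constructed for the example.

```python
"""Added example (not part of the cognitix documentation): detect two
network-based ATT&CK techniques over constructed flow records and tag each
finding with its technique ID.

Assumptions (not Threat Defender's data model): a flow record is a tuple
(ISO timestamp, source MAC, source IP, destination IP, packet count), the
asset inventory is a MAC -> hostname dict, and the DoS rule is a packet
threshold within a sliding time window per destination.
"""
from collections import deque
from datetime import datetime, timedelta

# Technique IDs and names as published by MITRE ATT&CK.
ATTACK_TECHNIQUES = {
    "T1200": "Hardware Additions",
    "T1499": "Endpoint Denial of Service",
}

# Constructed asset inventory: hardware the network is known to contain.
KNOWN_ASSETS = {
    "00:11:22:33:44:01": "fileserver",
    "00:11:22:33:44:02": "workstation-7",
    "00:11:22:33:44:03": "printer-lobby",
}

# Constructed flow records. de:ad:be:ef:00:01 is an unknown device that
# first appears at 09:00:10 and then floods the fileserver (10.0.0.5).
FLOWS = [
    ("2024-05-01T09:00:00", "00:11:22:33:44:02", "10.0.0.12", "10.0.0.5", 40),
    ("2024-05-01T09:00:05", "00:11:22:33:44:01", "10.0.0.5", "10.0.0.12", 38),
    ("2024-05-01T09:00:10", "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.5", 12),
    ("2024-05-01T09:00:11", "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.5", 600),
    ("2024-05-01T09:00:12", "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.5", 600),
    ("2024-05-01T09:00:13", "00:11:22:33:44:03", "10.0.0.20", "10.0.0.5", 3),
    ("2024-05-01T09:00:30", "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.5", 5),
]


def detect_hardware_additions(flows, known_assets):
    """T1200: report the first flow from every source MAC that is not in the
    asset inventory. One finding per unknown device, not per flow."""
    seen, findings = set(), []
    for ts, mac, src_ip, _dst_ip, _pkts in sorted(flows, key=lambda f: f[0]):
        if mac in known_assets or mac in seen:
            continue
        seen.add(mac)
        findings.append({"technique": "T1200", "name": ATTACK_TECHNIQUES["T1200"],
                         "indicator": mac, "host": src_ip, "time": ts})
    return findings


def detect_endpoint_dos(flows, window_seconds=10, packet_threshold=1000):
    """T1499: alert once per destination when the packets aimed at it within
    a sliding window reach the threshold. Records older than the window are
    dropped from the running total before the threshold check."""
    windows, totals, alerted, findings = {}, {}, set(), []
    for ts_str, _mac, src_ip, dst_ip, pkts in sorted(flows, key=lambda f: f[0]):
        ts = datetime.fromisoformat(ts_str)
        q = windows.setdefault(dst_ip, deque())
        q.append((ts, pkts, src_ip))
        totals[dst_ip] = totals.get(dst_ip, 0) + pkts
        while q and ts - q[0][0] > timedelta(seconds=window_seconds):
            _old_ts, old_pkts, _old_src = q.popleft()
            totals[dst_ip] -= old_pkts
        if totals[dst_ip] >= packet_threshold and dst_ip not in alerted:
            alerted.add(dst_ip)
            findings.append({"technique": "T1499", "name": ATTACK_TECHNIQUES["T1499"],
                             "indicator": dst_ip,
                             "sources": sorted({s for _, _, s in q}),
                             "packets_in_window": totals[dst_ip], "time": ts_str})
    return findings


def run_detections(flows, known_assets):
    """Run every detector and return the findings in time order."""
    findings = detect_hardware_additions(flows, known_assets) + detect_endpoint_dos(flows)
    return sorted(findings, key=lambda f: f["time"])


def correlate_by_host(findings):
    """Correlation step: which techniques has each source host been tied to?
    A host that is both new hardware and a flood source stands out."""
    by_host = {}
    for f in findings:
        hosts = [f["host"]] if f["technique"] == "T1200" else f["sources"]
        for h in hosts:
            by_host.setdefault(h, set()).add(f["technique"])
    return {h: sorted(t) for h, t in by_host.items()}


if __name__ == "__main__":
    results = run_detections(FLOWS, KNOWN_ASSETS)
    for f in results:
        print(f"{f['time']} {f['technique']} ({f['name']}): {f['indicator']}")
    print(correlate_by_host(results))
```

Running the script on the constructed records yields one T1200 finding for the unknown MAC and one T1499 finding for the fileserver, and the correlation step attributes both techniques to 10.0.0.99. The per-destination window is what keeps the DoS rule from firing on ordinary traffic: the 40-packet flow at 09:00:00 has already aged out by the time the flood reaches the threshold at 09:00:12.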


Additional References:

  • To look up the settings of network objects, refer to Network Objects in the interface reference.

  • To look up the settings of correlation scenarios, refer to Advanced Correlation in the interface reference.