Detect MITRE ATT&CK Techniques
The MITRE ATT&CK Matrix is a knowledge base for adversary tactics and techniques. ATT&CK is also used as a common language for threat hunters around the globe.
The following examples show how cognitix Threat Defender can be used to detect some of the network-based techniques from the MITRE ATT&CK Matrix.
Tip: For additional examples see the following:
- Handle Newly Discovered Assets shows how the automatic discovery of assets can be used to prevent attackers from introducing their own hardware into the network (T1200).
- Enabling the predefined DDoS protection scenario detects and blocks the ATT&CK technique T1499.
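The two tips above rest on the same idea: a detection compares observed network records against a baseline (an asset inventory, a normal request rate) and tags the result with an ATT&CK technique ID. The following is an added, stand-alone example of that pattern in Python; it is not cognitix Threat Defender code and does not use its API. It runs over constructed flow records and a constructed asset inventory (hardware addresses, IPs, timestamps, thresholds and the record format are all assumptions made for the example): a source hardware address that was never inventoried is reported as T1200 (Hardware Additions), and a source that exceeds a request-rate threshold to one destination inside a sliding time window is reported as T1499 (Endpoint Denial of Service).

```python
"""Added example, not part of cognitix Threat Defender: two small
baseline-versus-observation detections tagged with ATT&CK technique IDs.

- first-seen hardware address on the network   -> T1200 (Hardware Additions)
- request rate to one host above a threshold   -> T1499 (Endpoint Denial of Service)
"""
from collections import defaultdict

# Constructed inventory of assets already discovered on the network (assumption).
KNOWN_ASSETS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# Constructed flow records: (timestamp in seconds, source MAC, source IP, destination IP).
RECORDS = [
    (0, "aa:bb:cc:00:00:01", "10.0.0.11", "10.0.0.50"),
    (1, "aa:bb:cc:00:00:02", "10.0.0.12", "10.0.0.50"),
    (2, "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.50"),   # never inventoried
    (3, "aa:bb:cc:00:00:01", "10.0.0.11", "10.0.0.50"),
] + [
    # one source opening 120 flows to the same destination within 10 seconds
    (10 + i // 12, "de:ad:be:ef:00:01", "10.0.0.99", "10.0.0.50") for i in range(120)
]


def detect_new_assets(records, known_macs):
    """Return {mac: first_ip_seen} for source MACs absent from the inventory (T1200)."""
    unknown = {}
    for _, mac, ip, _ in records:
        if mac not in known_macs and mac not in unknown:
            unknown[mac] = ip
    return unknown


def detect_flood(records, window_s=10, threshold=100):
    """Return {(src_ip, dst_ip): peak_count} for pairs whose flow count exceeds
    `threshold` inside any `window_s`-second sliding window (T1499)."""
    by_pair = defaultdict(list)
    for ts, _, src, dst in records:
        by_pair[(src, dst)].append(ts)
    alerts = {}
    for pair, times in by_pair.items():
        times.sort()
        start = 0
        peak = 0
        for end, ts in enumerate(times):
            # drop timestamps that fell out of the window ending at `ts`
            while ts - times[start] >= window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[pair] = peak
    return alerts


def run(records=RECORDS, known=KNOWN_ASSETS):
    """Evaluate both detections and return (technique_id, detail) findings."""
    findings = []
    for mac, ip in detect_new_assets(records, known).items():
        findings.append(("T1200", f"unknown hardware address {mac} ({ip})"))
    for (src, dst), n in detect_flood(records).items():
        findings.append(("T1499", f"{src} -> {dst}: {n} flows in 10 s window"))
    return findings


if __name__ == "__main__":
    for technique, detail in run():
        print(technique, detail)
```

The inventory check only needs the first sighting of each address, so it reports the IP the unknown hardware first used; the rate check keeps a sliding window per source/destination pair rather than a fixed bucket, so a burst that straddles a bucket boundary is still counted. In a real deployment the inventory would come from the asset discovery feature and the threshold from observed baseline traffic rather than the constants used here.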
Additional References:
- If you want to look up the settings options for network objects, refer to Network Objects in the interface reference.
- If you want to look up the settings options for correlation scenarios, refer to Advanced Correlation in the interface reference.