MITRE ATT&CK and Sigma Alerting

  • Wednesday, 13 Feb 2019 3:30PM EST (13 Feb 2019 20:30 UTC)
  • Speakers: John Hubbard, Justin Henderson

SIEM Series - SIEM Enhancements and Integrations

There is an age-old saying: "one should not reinvent the wheel." Yet organizations and vendors do so constantly. The community does not need ten different ways, spread across multiple products, to find PowerShell obfuscation. That duplication adds complexity and makes migrating between solutions a nightmare.

A new approach solves this problem. Why not take known methods of discovering attacks through the MITRE ATT&CK framework and make them work across disparate solutions?

This webcast will introduce the Sigma Alert project and show examples of creating alert rules against MITRE ATT&CK framework items to discover attacks in a way that works for multiple products. Sigma allows for writing rules in a neutral rule format that supports converting the rule to support your product of choice.
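To make the idea concrete, here is an added illustration that is not from the webcast or the Sigma project's own tooling: a minimal Python stand-in that holds one Sigma-style rule (with its ATT&CK tags), evaluates it directly against constructed process-creation events, and renders the same rule as a Splunk-style search. The rule dict, the two sample events and the converter are all constructed for this example; real Sigma rules are YAML and are converted with the project's own converter (sigmac at the time of this webcast), which supports many more backends and modifiers.

```python
# Minimal Sigma-style rule plus a toy evaluator and converter, constructed for this
# example. It is NOT the Sigma project's own tooling, which parses real YAML rules.
RULE = {
    "title": "Suspicious Encoded PowerShell Command",
    "tags": ["attack.execution", "attack.t1059.001"],  # ATT&CK mapping lives here
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],  # list = OR
        },
        "condition": "selection",
    },
}

def _field_matches(spec, wanted, event):
    """Evaluate one 'Field|modifier': value(s) pair against an event dict."""
    field, _, modifier = spec.partition("|")
    actual = str(event.get(field, "")).lower()  # Sigma matching is case-insensitive
    for w in (wanted if isinstance(wanted, list) else [wanted]):
        w = str(w).lower()
        if modifier == "contains" and w in actual:
            return True
        if modifier == "endswith" and actual.endswith(w):
            return True
        if modifier == "" and actual == w:
            return True
    return False

def evaluate(rule, event):
    """True when the event satisfies the rule (only 'condition: selection' is handled)."""
    selection = rule["detection"]["selection"]
    return all(_field_matches(s, v, event) for s, v in selection.items())  # fields are ANDed

def to_splunk(rule):
    """Render the selection as a Splunk-style search (no escaping; approximation only)."""
    parts = []
    for spec, wanted in rule["detection"]["selection"].items():
        field, _, modifier = spec.partition("|")
        pattern = {"contains": '"*{}*"', "endswith": '"*{}"', "": '"{}"'}[modifier]
        values = wanted if isinstance(wanted, list) else [wanted]
        parts.append("(" + " OR ".join(f"{field}={pattern.format(w)}" for w in values) + ")")
    return " ".join(parts)

# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -EncodedCommand <base64 placeholder>"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]
```

The same rule dict drives both the in-process match and the generated search string, which is the point of a neutral format: the ATT&CK mapping and the detection logic are written once and the product-specific syntax is derived from them.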

Join us to see this in action and to gain an understanding of the value add to your organization.
