You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

What’s next? Example playbooks and how to create them

As alerts come into the security operations center (SOC), you need to find a way to streamline triage and have it done in a repeatable format. By doing so, you’ll be able to scale your team because any member can follow a pre-determined set of steps to triage. That set of steps is what is known as a playbook. There are many different formats for playbooks, such as flowcharts and bulleted/numbered lists, and we can use tools to create playbooks with a native language or Python. We'll look at a few different options in this section.

Before we can even create a playbook, we must ensure we have repeatable detection types. This might mean that you have to break down a detection to be more specific rather than general or need to establish at least a few steps of what could be normal. It helps to have a senior analyst work with a junior analyst to determine the triage steps. The senior analyst will have insights on...