You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Automation is the way

As mentioned in other chapters, every team should be looking to automate as much as possible. Doing so will allow your team to increase their coverage and the number of alerts that can be triaged. In some of the previous examples, we’ve discussed using a Search Orchestration Automation and Response (SOAR) tool, which automates triage and response actions. These are tools such as Splunk Phantom and Insight Connect. They allow you to customize actions such as gathering information, quarantining systems, or implementing blocks. One of the issues is that not all teams and organizations have the money to purchase SOAR tools, so they must look to other options for automation.

One option if you have a coding background is to create your own scripts to automate different features. One example is when an old team member created a Python script that took the nightly vulnerability data, created JIRA tickets for the new vulnerabilities, and captured mean time to...