Part 2 – Detection Improvements and Alignment with ATT&CK
The second part of this book opens with a text-heavy chapter that lists the tactics and techniques in several MITRE ATT&CK framework matrices and then examines a few techniques from each matrix in more detail. Once the framework has been laid out, the following chapter turns to its practical use, so that you can read the matrices and apply mitigations and detections that map directly to specific techniques. That chapter also walks through detections with a proven track record and some commonly made mistakes, so that you can learn from them. Together, these chapters set you up for the third part, which focuses on triaging the detections that have now been put in place.
This part has the following chapters:
- Chapter 5, A Deep Dive into the ATT&CK Framework
- Chapter 6, Strategies to Map to...