The Signals Corps blog
-
MITRE ATT&CK 105: Threat Report ATT&CK Mapping (TRAM)
Tutorials Att&ck June 27, 2022
In this post I will show you how to turn unstructured data into structured threat intelligence with ATT&CK context.
-
MITRE ATT&CK 104: Using Navigator for Detection
Tutorials Att&ck June 13, 2022
In this post I will show you how to systematically improve your defenses using the MITRE ATT&CK Navigator.
-
MITRE ATT&CK 103: Modelling Intelligence Using Navigator
In this post I will show you how to track ATT&CK Tactics and Techniques against intelligence reports using the ATT&CK Navigator.
-
MITRE ATT&CK 102: STIX 2.1 Customisation
In this post I review all the custom STIX 2.1 Objects and Properties used by ATT&CK.
-
MITRE ATT&CK 101: Data Structure
In this post I take a look at how the framework is structured on STIX 2.1 Objects.
-
Sigma Rules 109: Translation to STIX Objects
Tutorials Sigma April 18, 2022
In this post I will explain why you might want to turn Sigma Rules into STIX Objects and show an example of how it could be done.
-
Sigma Rules 107: Sigmac
Tutorials Sigma March 21, 2022
In this post I will show you how to use Sigmac to automatically transform your Sigma Rules into other target query languages.
-
Sigma Rules 106: Writing Splunk detections in SPL
Tutorials Sigma March 07, 2022
In this post I will take a look at creating basic SPL searches for Splunk (and show a manual conversion of a Sigma rule to a Splunk Detection).
-
Sigma Rules 105: Writing Detections in Kusto for Microsoft Sentinel
Tutorials Sigma February 21, 2022
In this post I will take a look at creating basic Kusto rules for Microsoft Sentinel (and show a manual conversion of a Sigma rule to a Kusto rule).
-
Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle
Tutorials Sigma February 07, 2022
In this post I will take a look at creating basic YARA-L rules for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).