Blog
The Signals Corps blog
-
MITRE ATT&CK 108: My favourite talks from MITRE's ATT&CKCON 3.0
Tutorials Att&ck July 25, 2022
In this post I end the tutorial series with some real world examples of how ATT&CK is being used from the most recent ATT&CKCON.
-
MITRE ATT&CK 107: Integrating Workbench Data to Other Tools
Tutorials Att&ck July 11, 2022
In this post I will show you how to export and share your custom versions of ATT&CK.
-
MITRE ATT&CK 106: Using the Workbench to Create Custom Objects
Tutorials Att&ck June 27, 2022
In this post I will show you how to create new and edit existing ATT&CK Objects.
-
MITRE ATT&CK 105: Threat Report ATT&CK Mapping (TRAM)
Tutorials Att&ck June 13, 2022
In this post I will show you how to turn unstructured data into structured threat intelligence with ATT&CK context.
-
MITRE ATT&CK 104: Using Navigator for Detection
In this post I will show you how to systematically improve your defenses using the MITRE ATT&CK Navigator.
-
MITRE ATT&CK 103: Modelling Intelligence Using Navigator
In this post I will show you how to track ATT&CK Tactics and Techniques against intelligence reports using the ATT&CK Navigator.
-
MITRE ATT&CK 102: STIX 2.1 Customisation
In this post I review all the Custom STIX 2.1 Objects and Properties used by ATT&CK.
-
MITRE ATT&CK 101: Data Structure
Tutorials Att&ck April 18, 2022
In this post I take a look at how the framework is structured on STIX 2.1 Objects.
-
Sigma Rules 107: Sigmac
Tutorials Sigma March 21, 2022
In this post I will show you how to use Sigmac to automatically transform your Sigma Rules into other target query languages.
-
Sigma Rules 106: Writing Splunk detections in SPL
Tutorials Sigma March 07, 2022
In this post I will take a look at creating basic SPL searches for Splunk (and show a manual conversion of a Sigma rule to a Splunk Detection).
-
Sigma Rules 105: Writing Detections in Kusto for Microsoft Sentinel
Tutorials Sigma February 21, 2022
In this post I will take a look at creating basic Kusto rules for Microsoft Sentinel (and show a manual conversion of a Sigma rule to Kusto rule).
-
Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle
Tutorials Sigma February 07, 2022
In this post I will take a look at creating basic YARA-L for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).
-
Sigma Rules 103: Writing Detections (Conditions)
Tutorials Sigma January 24, 2022
In this post I will dive into how to define conditions to create complex detection criteria for Sigma Rules.
-
Sigma Rules 102: Writing Detections (Search Identifiers)
Tutorials Sigma January 10, 2022
In this post I will dive into the details of Sigma detection logic and how to start writing more advanced rules.
-
Sigma Rules 101: Metadata and Logsources
Tutorials Sigma December 27, 2021
In this post I will introduce the structure of Sigma Rules and how to write attributes to support detection content.
-
OASIS TAXII 2.1 104: Medallion TAXII Server
Tutorials Taxii November 29, 2021
In this post I will show an open-source TAXII Server allowing you to quickly get up and running to share intelligence.
-
OASIS TAXII 2.1 103: Updating Objects in Collections
Tutorials Taxii November 15, 2021
In this post I will show intelligence producers how to add and remove STIX 2.1 Objects using a TAXII Server API.
-
OASIS TAXII 2.1 102: Consuming Objects in Collections
Tutorials Taxii November 01, 2021
In this post I will walk through how TAXII Clients logically consume cyber threat intelligence from Collections using a TAXII 2.1 API.
-
OASIS TAXII 2.1 101: TAXII Concepts
Tutorials Taxii October 18, 2021
In this post I will give you an introduction of TAXII 2.1 concepts to prepare you for the following posts in the tutorial series.
-
OASIS STIX 2.1 107: Tooling
Tutorials Stix October 04, 2021
In this post I will introduce you to a few tools that will help you create and manage STIX 2.1 content.
-
OASIS STIX 2.1 106: Bundling
Tutorials Stix September 20, 2021
In this post I will show you how to package your STIX Objects so that they can be shared with others and integrated with other software.
-
OASIS STIX 2.1 105: Versioning
Tutorials Stix September 06, 2021
In this post I will show you some best practices for modifying STIX Objects by implementing proper versioning.
-
OASIS STIX 2.1 104: Customisation
Tutorials Stix August 23, 2021
In this post I will talk about customising STIX Objects when the predefined specification does not meet the needs of data creators.
-
OASIS STIX 2.1 103: Patterns
Tutorials Stix August 09, 2021
In this post I will deconstruct STIX Patterns and demonstrate how to write effective detection rules (aka patterns).
-
OASIS STIX 2.1 102: Relationships
In this post I will talk about how STIX 2.1 Objects can be connected to build a complete picture of a threat.
-
OASIS STIX 2.1 101: Objects
In this post I will introduce some of the basic STIX concepts with a focus on STIX 2.1 Domain Objects (SDOs).