Identify threat actors targeting your organization and hunt them on your network and host systems. Build threat actor profiles using MITRE ATT&CK and identify best practices for threat hunting automation. Leverage detection engineering to stop attacks early in the Cyber Kill Chain.
Learning Objectives
Create threat actor profiles and report your findings to key stakeholders Perform threat hunting on your network and host systems Build detection engineering using best practices to stop threat actors Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile. (T0019) Assess the effectiveness of cybersecurity measures utilized by system(s). (T0018) Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. (T0023) Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. (T0025) Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion. (T0027) Develop threat model based on customer interviews and requirements. (T0038) Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. (T0161) Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. (T0181) Determine tactics, techniques, and procedures (TTPs) for intrusion sets. (T0290)