DeTTECT Tutorial (dettect issue, 8 comments, closed)

palevelmode commented on July 23, 2024

DeTTECT Tutorial

Comments (8)

palevelmode commented on July 23, 2024

Hi, we can close this now. Thanks for your and your team's support. I got a positive outcome when I used this tool to visualize our current security posture. Our management was pleased :)

A little bit off topic: I hope you can share a high-quality version of the DeTTECT logo. If it is OK with your team, I'd like to have it as a banner here in our SOC and on a hoodie as well.

Kudos to you all. Long live #Blue #Azul

marcusbakker commented on July 23, 2024

@palevelmode Ruben and I wrote a blog on DeTT&CT that can be found here: DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™. In addition, you can find slides from a presentation we gave here: https://github.com/rabobank-cdc/Presentations/blob/master/20190510_DeTT%26CT%20-%20European%20MITRE%20ATTACK%20Group.pdf

I hope the blog and slides help. Is there anything in particular you can't follow? Happy to explain.

palevelmode commented on July 23, 2024

Thank you, Sir Marcus. I will walk through the link you have shared and will get back once I have a question. Actually, I have done this MITRE mapping the same way, from the threat hunting guide of cyberwardog.

palevelmode commented on July 23, 2024

Thank you. I am happy. I have a grasp of how to use this tool now. Can I ask how I can check my current data sources using the statistics command below? Can I change the path or file name? It seems like this is a default.

python dettect.py generic --statistics

marcusbakker commented on July 23, 2024

When using the command python dettect.py generic --statistics it will calculate statistics based on the information ATT&CK has on the data sources listed within ATT&CK techniques. So, it gives you an indication of which data sources are of the most value.

More interesting for you may be to use your data source administration file to draft a rough overview of your visibility coverage and load the JSON layer file into the ATT&CK Navigator: python dettect.py ds -f sample-data/data-sources-endpoints.yaml -l
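To make the two commands above concrete, here is an added example (not DeTT&CT's own code) that reproduces the idea behind them on a small constructed technique sample instead of the live ATT&CK data: count how often each data source is listed across techniques (the "which data sources are most valuable" statistic) and build a minimal Navigator-style visibility layer from the data sources you actually have. The technique IDs and data source names are constructed for illustration and assume a dict-of-lists input, not DeTT&CT's YAML format.

```python
import json
from collections import Counter

# Constructed sample: technique ID -> data sources ATT&CK lists for it (illustrative only).
TECHNIQUES = {
    "T1059": ["Command: Command Execution", "Process: Process Creation",
              "Script: Script Execution"],
    "T1053": ["Command: Command Execution", "Process: Process Creation",
              "File: File Creation", "Scheduled Job: Scheduled Job Creation"],
    "T1003": ["Process: OS API Execution", "Process: Process Access",
              "Command: Command Execution"],
    "T1021": ["Network Traffic: Network Connection Creation",
              "Logon Session: Logon Session Creation"],
}


def data_source_statistics(techniques):
    """Count how many techniques list each data source.

    A higher count means collecting that source gives visibility into more
    techniques, which is what the statistics output lets you rank on."""
    counts = Counter(ds for sources in techniques.values() for ds in sources)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def visibility_layer(techniques, available, name="Visibility (added example)"):
    """Build a minimal ATT&CK Navigator layer dict.

    Each technique is scored by the percentage of its listed data sources
    that are present in `available`, so gaps show up as low scores."""
    entries = []
    for tid, sources in sorted(techniques.items()):
        covered = [ds for ds in sources if ds in available]
        score = round(100 * len(covered) / len(sources)) if sources else 0
        entries.append({"techniqueID": tid, "score": score,
                        "comment": f"{len(covered)}/{len(sources)} data sources available"})
    return {"name": name, "domain": "enterprise-attack", "techniques": entries}


if __name__ == "__main__":
    for ds, n in data_source_statistics(TECHNIQUES):
        print(f"{n:2d}  {ds}")
    # Constructed set of data sources an example SOC already collects.
    have = {"Command: Command Execution", "Process: Process Creation"}
    print(json.dumps(visibility_layer(TECHNIQUES, have), indent=2))
```

The printed JSON can be pasted into a file and opened in the ATT&CK Navigator as a layer; the real DeTT&CT `ds` command does the same from your data source administration YAML with ATT&CK's full technique list.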

marcusbakker commented on July 23, 2024

Good to hear that you had a positive outcome in using DeTT&CT! Thanks for letting us know. Always very nice to hear when others also find it useful and have success in using it :-D

Awesome! I've uploaded a high res logo on my personal GitHub: https://github.com/marcusbakker/Miscellaneous/raw/master/DeTT%26CT-logo.png

palevelmode commented on July 23, 2024

Hi Sir, Thank you again.

Our long-term goal would be the mapping of SOC detection capabilities via a "detection" heat map.

marcusbakker commented on July 23, 2024

You're welcome
