Public Preview: The MITRE ATT&CK Framework Blade in Microsoft Sentinel

The MITRE ATT&CK framework provides probably the best basis for understanding attack techniques and tactics. Try to say that 10 times real fast: attack techniques and tactics.

Many organizations rely on it, and over time Microsoft Sentinel has provided more and deeper integration with it.

That integration is even more pronounced in the MITRE blade that has now been revealed in Public Preview in the Microsoft Sentinel console.

MITRE Coverage

The MITRE blade is a one-stop location to identify current coverage for each technique within Microsoft Sentinel, based on both the Analytics Rules that are enabled and those that are available to enable. It also highlights the techniques where no coverage is available, so you know where you would need to create your own Analytics Rules.
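The blade does this aggregation for you in the console; the following added example (not code from this blog or from Microsoft) shows the same idea done offline, so you can reproduce the per-technique view from an export of your Analytics Rules or keep it in a script. It assumes the JSON shape returned by the Azure REST API when listing `Microsoft.SecurityInsights/alertRules` (each rule carrying `properties.enabled`, `properties.tactics` and `properties.techniques`), and it treats disabled rules as the "available to enable" set, a simplification since the blade also counts rule templates you have not yet created. The rules in the sample are constructed for this example.

```python
"""Summarize MITRE ATT&CK technique coverage from exported Sentinel Analytics Rules.

Added example, not code from the blog or from Microsoft. Assumes the JSON
shape returned by the Azure REST API listing Microsoft.SecurityInsights/alertRules,
where each rule carries properties.enabled, properties.tactics and
properties.techniques. The sample rules below are constructed.
"""
import json
from collections import defaultdict

# Constructed sample: a trimmed alertRules listing with four rules.
SAMPLE_RULES_JSON = json.dumps({
    "value": [
        {"name": "rule-1", "kind": "Scheduled",
         "properties": {"displayName": "Brute force against Azure Portal",
                        "enabled": True, "tactics": ["CredentialAccess"],
                        "techniques": ["T1110"]}},
        {"name": "rule-2", "kind": "Scheduled",
         "properties": {"displayName": "Sign-in from anomalous location",
                        "enabled": False, "tactics": ["InitialAccess"],
                        "techniques": ["T1078"]}},
        {"name": "rule-3", "kind": "Scheduled",
         "properties": {"displayName": "Suspicious PowerShell download",
                        "enabled": True,
                        "tactics": ["Execution", "CommandAndControl"],
                        "techniques": ["T1059", "T1105"]}},
        # Fusion rules carry no technique mapping, so they add no coverage here.
        {"name": "rule-4", "kind": "Fusion",
         "properties": {"displayName": "Advanced Multistage Attack Detection",
                        "enabled": True, "tactics": [], "techniques": []}},
    ]
})


def technique_coverage(rules_json: str) -> dict:
    """Return {technique: {"enabled": n, "disabled": n, "rules": [names]}}.

    Each rule is counted once for every technique it maps to; rules with
    no technique mapping contribute nothing.
    """
    coverage = defaultdict(lambda: {"enabled": 0, "disabled": 0, "rules": []})
    for rule in json.loads(rules_json).get("value", []):
        props = rule.get("properties", {})
        state = "enabled" if props.get("enabled") else "disabled"
        for technique in props.get("techniques") or []:
            entry = coverage[technique]
            entry[state] += 1
            entry["rules"].append(props.get("displayName", rule.get("name")))
    return dict(coverage)


def coverage_gaps(rules_json: str, techniques_of_interest) -> dict:
    """Classify each technique a defender cares about.

    'active'    - at least one enabled rule maps to it
    'available' - only disabled rules map to it (enable one, no authoring needed)
    'gap'       - no rule at all; a custom Analytics Rule is needed
    """
    cov = technique_coverage(rules_json)
    result = {}
    for technique in techniques_of_interest:
        entry = cov.get(technique)
        if entry is None:
            result[technique] = "gap"
        elif entry["enabled"] > 0:
            result[technique] = "active"
        else:
            result[technique] = "available"
    return result


if __name__ == "__main__":
    # Techniques to check; T1566 (phishing) has no rule in the sample and shows as a gap.
    watchlist = ["T1078", "T1110", "T1059", "T1105", "T1566"]
    for technique, status in coverage_gaps(SAMPLE_RULES_JSON, watchlist).items():
        print(f"{technique}: {status}")
```

To run it against a real workspace, replace `SAMPLE_RULES_JSON` with the body returned by the alertRules listing call (for example saved from `az rest`) and pass the techniques your threat model prioritizes; the "gap" entries are the ones the blade would show as having no coverage.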

The Microsoft teams have been working together well on this one, so the documentation for the feature is already available: Understand security coverage by the MITRE ATT&CK® framework

=========================

[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Weekly Microsoft Defender Newsletter]

[Learn KQL with the Must Learn KQL series and book]
