fibratus VS attack-stix-data

I'm thrilled to announce the availability of Fibratus 1.10.0. This release brings a set of interesting features , such as the Yara function for combining signature and behavior-based detections, expanded detection rules catalog, native grammar for sequence rules, etc.

I'm happy to announce the availability of Fibratus 1.10.0. Fibratus aims at providing a high-performance engine for capturing Windows system events and asserting them against a ruleset for the purpose of detecting adversary kill chain. All rules are built on top of the prominent MITRE security framework.

You can check the full changelog here.

In this story, we will create our first AI agents using Agent Development Kit. AI agents will be integrated with Google OSV, MITRE, KEV, and a bit of Google search. AI agents will enrich data about given vulnerabilities with public data from different sources to help prioritize (triage) problems.

Enter Powerpipe AWS CloudTrail Detections mod: pre-built dashboards and detections that work with your locally collected CloudTrail logs from the Tailpipe AWS plugin to provide security insights based on industry frameworks like MITRE ATT&CK. And the best part? It all runs locally without sending your sensitive log data anywhere.

TTPs stands for Tactics, Techniques & Procedures. This includes the whole MITRE ATT&CK Matrix, which means all the steps taken by an attacker to achieve their goal, starting from phishing attempts to persistence and data exfiltration.

# Neo4j Configuration NEO4J_URI=bolt://localhost:7687 NEO4J_USER=neo4j NEO4J_PASSWORD=your_password # MISP Configuration MISP_URL=https://your-misp-instance.com MISP_API_KEY=your_misp_api_key # MITRE ATT&CK Configuration MITRE_API_URL=https://attack.mitre.org/api/ # Database Configuration SQLITE_DB_PATH=data/threat_intel.db

The MITRE ATT&CK platform has become an indispensable tool for cybersecurity professionals worldwide. Developed by MITRE Corporation, this knowledge base is designed to help organizations understand and defend against cyber threats. Here's a concise overview of what the MITRE ATT&CK platform is, its usefulness, and who benefits from it.

For SOC analysts, even those with experience in corporate SOCs, the gaps can be just as significant. Many analysts lack the ability to write effective correlation rules and have a limited understanding of attack vectors or the MITRE ATT&CK framework. Their experience might be limited to basic, off-the-shelf content, without the depth required to investigate real incidents thoroughly.

It mentions it but doesn't dig into the minutiae. If you want to learn about it, visit https://attack.mitre.org/

Start here: https://attack.mitre.org

We do have a good idea about what sort of attacks are common. There is a whole framework for how ATP's operate and there are lists of which attack methods they currently prefer to use. https://attack.mitre.org/