LDR551-Book 3 Flashcards
What does the Internet Storm Center do?
Operates the Internet’s early warning system.
What skills are necessary for security leaders?
Business, leadership, and technical skills.
What is the inefficiency in traditional Blue Team operations?
Each team gathers and analyzes threat intel independently.
What is the benefit of information sharing in Blue Team operations?
Efficient sharing of defense knowledge.
What is MITRE ATT&CK?
Model for sharing attacker tactics and techniques.
What are Sigma signatures used for?
Log content matching.
What is the purpose of Jupyter notebooks in security analysis?
Make complex analysis repeatable and shareable.
What is MITRE D3FEND?
Knowledge graph of security countermeasures.
What is MITRE Engage?
Knowledge base for denial, deception, and adversary engagement.
What is D3FEND?
A knowledge graph mapping security countermeasures to attacks
What is the main goal of D3FEND?
Establish a common vocabulary for security tools
What is the most obvious use case for D3FEND?
Capturing and comparing features of controls
What has replaced MITRE’s Shield framework?
MITRE Engage
What does MITRE Engage describe?
Denial, deception, and adversary engagement techniques
What new concepts were added in MITRE Engage?
Goals and adversary vulnerabilities
What is YARA?
A language for defining file characteristics
What can YARA signatures identify?
Strings, bytes, and other content in files
Why should teams invest in learning YARA?
To produce file-based threat detections
What makes YARA signatures easy to manage?
Simple text-based format for change tracking
Who created notable YARA rule sets?
Didier Stevens and Florian Roth
What is Sigma?
High-level generic language for log analytics
Who leads the Sigma project?
Florian Roth and Thomas Patzke
What problem does Sigma address?
Generic detection for log content
How does Sigma benefit SOC teams?
Allows sharing and distributing log analytics