Security Incident Creation and Threat Intelligence (14%) Flashcards
What is the MITRE ATT&CK framework?
A knowledge base of cyberattack tactics and techniques used as a foundation for the development of specific threat models and methodologies.
What does ATT&CK stand for?
Adversarial Tactics, Techniques, and Common Knowledge
The relationship between tactics and techniques can be visualized in the __________________.
ATT&CK Matrix
What are tactics?
Tactics represent the “why” of an ATT&CK technique. It is the adversary’s tactical objective: the reason for performing an action.
What are techniques?
Techniques represent “how” an adversary achieves a tactical objective by performing an action.
What table are tactics stored in?
Kill Chain Phase [sn_ti_stix2_kill_chain_phase]
What table are techniques stored in?
Attack Pattern [sn_ti_stix2_attack_pattern]
When alerts are ingested from the SIEM, what is executed to populate the MITRE-ATT&CK information on the Security Incident?
Extraction rule/s
What are three personas related to MITRE-ATT&CK usage?
- Security Teams
- Executive Teams
- Threat Intel Teams
What visually represents the structure of the STIX object and its relationship?
STIX Visualizer
What displays aggregate data visually, using colors to represent different values?
Heatmap
When setting up the MITRE-ATT&CK integration in ServiceNow, what is the first step?
Set up the TAXII Profile
For Threat Intelligence, what scope are all of the System Properties in?
Threat Intelligence Support Common [sn_ti]
What role is created when the MITRE-ATT&CK integration is set up?
sn_ti.mitre_analyst
Where can a listing of the Techniques be found?
Threat Intelligence > MITRE ATT&CK Repository > Techniques