Advanced Detection Content

Introduction

For readers who already have the SIEM basics under control, this guide surfaces a much broader set of security content and recommends additional capabilities, such as using MITRE ATT&CK to focus on the information that matters most for your environment.

Other Recommendations

MITRE ATT&CK-based Content Recommendations

Once you know what data you have, you can specify the types of security concern you face and use MITRE ATT&CK to filter the Splunk content down to detections for techniques that MITRE associates with many different threat groups.

  1. Select the category of issue you are concerned about. If desired, adjust the default filters for data availability and popularity.

  2. The dashboard returns a list of content tied to ATT&CK techniques that MITRE reports as being used by many threat groups.

  3. This dashboard is built on the Data Inventory and Correlation Search Introspection, so if you have not configured those yet, visit those pages first.
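The ranking and filtering the procedure above describes can be reproduced outside the dashboard. The following is an added example, not Splunk Security Essentials code: it counts how many threat groups use each technique, then keeps only the content whose technique clears a popularity threshold and whose required data source is present in the data inventory. The group-to-technique mapping, the content library, the tactic labels and the data inventory are all constructed for illustration; real group associations come from the ATT&CK STIX data.

```python
"""Rank detection content by how many ATT&CK threat groups use its technique.

Added example, not Splunk Security Essentials code. All mappings below are
constructed; in practice the group/technique relationships come from the
ATT&CK STIX bundle and the data inventory from your own environment.
"""
from collections import Counter
from typing import Dict, List, Optional, Set

# Constructed "group uses technique" relationships (fictional group labels,
# real ATT&CK technique IDs).
GROUP_TECHNIQUES: Dict[str, Set[str]] = {
    "GROUP-A": {"T1059.001", "T1566.001", "T1003.001"},
    "GROUP-B": {"T1059.001", "T1566.001", "T1021.001"},
    "GROUP-C": {"T1059.001", "T1003.001", "T1021.001"},
    "GROUP-D": {"T1566.001", "T1053.005"},
    "GROUP-E": {"T1059.001", "T1053.005"},
}

# Constructed content library: each detection maps to one technique, the
# tactic (the "category of issue") and the data source it needs.
CONTENT: List[dict] = [
    {"name": "Encoded PowerShell Command Line", "technique": "T1059.001",
     "tactic": "Execution", "data_source": "endpoint_process"},
    {"name": "Spearphishing Attachment Opened", "technique": "T1566.001",
     "tactic": "Initial Access", "data_source": "email"},
    {"name": "LSASS Memory Access", "technique": "T1003.001",
     "tactic": "Credential Access", "data_source": "endpoint_process"},
    {"name": "RDP Lateral Movement", "technique": "T1021.001",
     "tactic": "Lateral Movement", "data_source": "windows_logon"},
    {"name": "Scheduled Task Created", "technique": "T1053.005",
     "tactic": "Persistence", "data_source": "windows_security"},
]

# Constructed data inventory: data sources this environment actually has.
AVAILABLE_DATA: Set[str] = {"endpoint_process", "email"}


def technique_popularity(group_techniques: Dict[str, Set[str]]) -> Counter:
    """Number of distinct groups that use each technique."""
    counts: Counter = Counter()
    for techniques in group_techniques.values():
        # Sets, so a group is counted at most once per technique.
        counts.update(techniques)
    return counts


def recommend(content: List[dict],
              group_techniques: Dict[str, Set[str]],
              available_data: Set[str],
              min_groups: int = 2,
              tactic: Optional[str] = None) -> List[dict]:
    """Content for popular techniques that the available data can support.

    min_groups is the popularity filter, available_data the data-availability
    filter, and tactic the optional category the analyst selected.
    """
    popularity = technique_popularity(group_techniques)
    picked = [
        dict(item, group_count=popularity[item["technique"]])
        for item in content
        if popularity[item["technique"]] >= min_groups
        and item["data_source"] in available_data
        and (tactic is None or item["tactic"] == tactic)
    ]
    # Most widely used technique first; name as a tie-break for stable output.
    picked.sort(key=lambda c: (-c["group_count"], c["name"]))
    return picked


if __name__ == "__main__":
    for item in recommend(CONTENT, GROUP_TECHNIQUES, AVAILABLE_DATA):
        print(f'{item["group_count"]} groups  {item["technique"]}  {item["name"]}')
```

Note that "popularity" here is a count of groups MITRE has publicly reported using a technique, so it reflects reporting coverage as much as risk to your organization; treat it as a starting filter and raise `min_groups` or narrow by tactic rather than reading the count as a threat score.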