
Unlocking Effective Threat Detection and Investigation with Analytics and TTPs

White Paper

How UEBA and MITRE ATT&CK Techniques Significantly Improves SOC Productivity

Tactics, techniques and procedures (TTPs) describe the activities an adversary uses: the “what and how” of an attack. Using TTPs enables security analysts to look for attack patterns instead of the artifacts left behind as a result of an attack. Attack artifacts are often referred to as “indicators of compromise” (IOCs); they are merely pieces of evidence observed on a network or on operating systems that indicate some level of intrusion has occurred.

MITRE ATT&CK maps tactics, techniques, and procedures used by adversaries cataloged in millions of attacks on enterprise networks and systems to a common framework. It provides a common taxonomy and knowledge base that the security community can use in communication, as well as in their efforts for detection, investigation and response.

The incident timeline provided by Exabeam, called a Smart Timeline™, is the operational point of integration with the MITRE framework. Instead of becoming distracted by potentially irrelevant TTPs, the timeline provides useful one-click access to all of the context surrounding a potentially damaging incident.
