.md .pdf

repository open issue suggest edit

Contents

Introduction

This part of the project focuses on defining the required data in form of data objects and the relationships among each other needed to facilitate the creation of data analytics and validate the detection of adversary techniques. We have also extended this concept to the MITRE-ATT&CK framework here.

Available documents

File	Description
OSSEM Event Mappings (YAML file)	Security event logs mapped to OSSEM relationships (Includes ATT&CK data sources metadata)
ATT&CK Event Mappings (MD file)	Security event logs mapped to ATT&CK Data Sources Objects
ATT&CK Event Mappings (YAML file)	Security event logs mapped to ATT&CK Data Sources Objects
ATT&CK Event Mappings (CSV file)	Security event logs mapped to ATT&CK Data Sources Objects

References

• Defining ATT&CK Data Sources, Part I: Enhancing the Current State

• Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology

• ATT&CK Data Sources GitHub repository

• CAR Analytics

• Common Information Model

• STIX Cybox ObjectRelationshipVOcab-1.1

• Cybox Object

• STIX Version 2.0. Part 4 - Cyber Observable Object

• Finding Cyber Threats with ATTCK Based Analytics

• CAR Analytics Data Model

• Quantifying your hunt - not your parent’s red teaming

previous

network_session

next

Relationships to Events