
10 best MITRE ATT&CK sources in one click with Pandas

Maciej Szymczyk
4 min read · Apr 5, 2023

MITRE ATT&CK is a knowledge base of adversary tactics and techniques, and it has become the common language of the cyber security world. Which data source gives us the best return for its cost? It depends. Every organization is different: we run different operating systems, network devices, and applications, and we face different groups of adversaries😁. This article uses the pandas Python library to build a simple notebook.

Link to repo at the bottom 👇

MITRE ATT&CK? Why do I care?

Budgets are rarely unlimited, and neither are staff, hardware, network bandwidth, or the capacity of our SIEM, so we need to choose wisely which data sources we collect. Conveniently, MITRE ATT&CK already defines data sources and their data components and maps them to techniques. Need to convince management that you should collect more events from Windows/Sysmon? This article can help you find arguments for that :-)

Why pandas?

Because it is a popular library for data transformation and analysis. Admittedly, I prefer Spark/PySpark… but I don’t want to use a sledgehammer to crack a nut. This article is an encouragement to use analytical tools other than “the protein interface” (a human) and a left mouse button.
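To make the idea concrete, here is an added example of the kind of pandas notebook the article describes; it is not the author's code. The real input is the enterprise-attack STIX bundle published by MITRE, where each `attack-pattern` object carries an `x_mitre_data_sources` list of strings shaped like `"Data Source: Data Component"`. The bundle below is a small constructed sample in that shape so the script runs offline; the technique ids and mappings are illustrative and are not the real ATT&CK data. The function names (`techniques_frame`, `rank_coverage`, `greedy_coverage`) are my own.

```python
"""Rank ATT&CK data sources by how many techniques they help detect (added example)."""
from __future__ import annotations

import pandas as pd

# Constructed STIX-like bundle with only the fields the analysis needs.
# Ids T0001..T0008 and their mappings are made up for illustration.
SAMPLE_BUNDLE = {
    "objects": [
        {"type": "attack-pattern", "name": "Technique A", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0001"}],
         "x_mitre_data_sources": ["Process: Process Creation", "Command: Command Execution"]},
        {"type": "attack-pattern", "name": "Technique B", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0002"}],
         "x_mitre_data_sources": ["Process: Process Creation", "File: File Creation"]},
        {"type": "attack-pattern", "name": "Technique C", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0003"}],
         "x_mitre_data_sources": ["Network Traffic: Network Connection Creation",
                                  "Process: Process Creation"]},
        {"type": "attack-pattern", "name": "Technique D", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0004"}],
         "x_mitre_data_sources": ["File: File Modification",
                                  "Windows Registry: Windows Registry Key Modification"]},
        {"type": "attack-pattern", "name": "Technique E", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0005"}],
         "x_mitre_data_sources": ["Command: Command Execution", "Script: Script Execution"]},
        # Revoked and deprecated objects stay in the bundle and must be filtered out,
        # otherwise they inflate the counts.
        {"type": "attack-pattern", "name": "Technique F (revoked)", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0006"}],
         "x_mitre_data_sources": ["Process: Process Creation"]},
        {"type": "attack-pattern", "name": "Technique G (deprecated)", "x_mitre_deprecated": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0007"}],
         "x_mitre_data_sources": ["Logon Session: Logon Session Creation"]},
        {"type": "attack-pattern", "name": "Technique H", "revoked": False,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T0008"}],
         "x_mitre_data_sources": ["Network Traffic: Network Traffic Flow",
                                  "Network Traffic: Network Connection Creation"]},
        {"type": "relationship", "relationship_type": "uses"},  # other STIX types are ignored
    ]
}

COLUMNS = ["technique_id", "technique", "data_source", "data_component"]


def techniques_frame(bundle: dict) -> pd.DataFrame:
    """Flatten the bundle into one row per (technique, data component)."""
    rows = []
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        ext_id = next((ref["external_id"] for ref in obj.get("external_references", [])
                       if ref.get("source_name") == "mitre-attack"), None)
        for entry in obj.get("x_mitre_data_sources", []):
            source, _, component = entry.partition(": ")
            rows.append({"technique_id": ext_id, "technique": obj["name"],
                         "data_source": source, "data_component": component})
    return pd.DataFrame(rows, columns=COLUMNS)


def rank_coverage(frame: pd.DataFrame, by: list[str] | None = None, top: int = 10) -> pd.DataFrame:
    """Top-N data sources (or components) by the number of distinct techniques they cover."""
    by = by or ["data_source"]
    ranked = (frame.groupby(by)["technique_id"].nunique()
              .rename("techniques").reset_index())
    # Secondary alphabetical key makes the order deterministic on ties.
    ranked = ranked.sort_values(["techniques"] + by, ascending=[False] + [True] * len(by))
    return ranked.head(top).reset_index(drop=True)


def greedy_coverage(frame: pd.DataFrame, budget: int) -> list[tuple[str, int]]:
    """Pick data sources one at a time, each maximising *newly* covered techniques.

    This answers the budget question better than raw counts: the second-largest
    source may overlap almost entirely with the first one already collected.
    """
    by_source = frame.groupby("data_source")["technique_id"].agg(set).to_dict()
    covered: set[str] = set()
    plan: list[tuple[str, int]] = []
    for _ in range(budget):
        best = min(by_source, key=lambda s: (-len(by_source[s] - covered), s))
        gain = len(by_source[best] - covered)
        if gain == 0:
            break
        plan.append((best, gain))
        covered |= by_source[best]
    return plan


if __name__ == "__main__":
    frame = techniques_frame(SAMPLE_BUNDLE)
    print(rank_coverage(frame))
    print(rank_coverage(frame, by=["data_source", "data_component"]))
    print(greedy_coverage(frame, budget=10))
```

To run it against the real data, load `enterprise-attack.json` with `json.load` and pass the resulting dict instead of `SAMPLE_BUNDLE`; the rest is unchanged. The raw ranking answers "which source touches the most techniques", while `greedy_coverage` answers "which source should I add next", which is usually the argument management actually needs.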

Source


Written by Maciej Szymczyk

Software Developer, Big Data Engineer, Blogger (https://wiadrodanych.pl), Amateur Cyclists & Triathlete, @maciej_szymczyk
