DeTTECT Tutorial
palevelmode opened this issue · 8 comments
If someone can upload a YouTube tutorial or blog on how to use this. I'm lost. I can't follow the guide.
@palevelmode Ruben and I wrote a blog on DeTT&CT that can be found here: DeTT&CT: Mapping your Blue Team to MITRE ATT&CK™. In addition, you can find slides from a presentation we gave here: https://github.com/rabobank-cdc/Presentations/blob/master/20190510_DeTT%26CT%20-%20European%20MITRE%20ATTACK%20Group.pdf
I hope the blog and slides help. Is there anything in particular you can't follow? Happy to explain.
Thanks Sir Marcus, I will walk through the link you have shared and will get back once I have a question. Actually, I have done the same MITRE mapping from the threat hunting guide of cyberwardog.
Thank you. I am happy; I have a grasp of how to use this tool now. Can I ask how I can check my current data sources using the statistics below? Can I change the path or file name? It seems like this is a default.
python dettect.py generic --statistics
When using the command python dettect.py generic --statistics
it will calculate statistics based on the information ATT&CK has on the data sources listed within ATT&CK techniques. So, it gives you an indication on which data sources are of the most value.
More interesting for you may be to use your data source administration file to draft a rough overview of your visibility coverage and load the JSON layer file into the ATT&CK Navigator: python dettect.py ds -f sample-data/data-sources-endpoints.yaml -l
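To make concrete what the two commands in the reply above compute, here is an added illustration that is not DeTT&CT's own code: the technique-to-data-source mapping and the data source names are constructed sample data, and the layer keys follow the public ATT&CK Navigator layer format. It first ranks data sources by how many techniques reference them (the idea behind --statistics), then scores each technique by the share of its data sources you actually have (a rough visibility layer like the one the ds command writes).

```python
import json
from collections import Counter

# Constructed sample: a few technique IDs and the data sources that ATT&CK lists
# for them. Illustrative only, not the real ATT&CK data set.
TECHNIQUE_DATA_SOURCES = {
    "T1003": ["Process monitoring", "API monitoring", "PowerShell logs"],
    "T1059": ["Process monitoring", "Process command-line parameters"],
    "T1086": ["PowerShell logs", "Process monitoring", "Process command-line parameters"],
    "T1055": ["API monitoring", "Process monitoring", "DLL monitoring"],
}

# Constructed sample of what an organisation's data source administration
# says is available (in DeTT&CT this would come from the YAML file).
AVAILABLE_DATA_SOURCES = {"Process monitoring", "Process command-line parameters"}


def data_source_statistics(mapping):
    """Count how many techniques reference each data source, most referenced first.
    A data source covering many techniques is the one worth onboarding first."""
    counts = Counter(ds for sources in mapping.values() for ds in sources)
    return counts.most_common()


def visibility_layer(mapping, available, name="visibility (sample)"):
    """Build a Navigator layer scoring each technique 0-100 by the fraction of
    its listed data sources that are available in our environment."""
    techniques = []
    for tid, sources in sorted(mapping.items()):
        covered = [ds for ds in sources if ds in available]
        score = round(100 * len(covered) / len(sources))
        comment = ("covered: " + ", ".join(covered)) if covered else "no data source available"
        techniques.append({"techniqueID": tid, "score": score, "comment": comment})
    return {
        "name": name,
        "version": "2.2",  # layer format version; adjust to your Navigator release
        "domain": "mitre-enterprise",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 100},
    }


if __name__ == "__main__":
    for ds, n in data_source_statistics(TECHNIQUE_DATA_SOURCES):
        print(f"{n:2d} technique(s)  {ds}")
    # Save as a .json file and open it in the ATT&CK Navigator via "Open Existing Layer".
    print(json.dumps(visibility_layer(TECHNIQUE_DATA_SOURCES, AVAILABLE_DATA_SOURCES), indent=2))
```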
Hi, we can close this now. Thanks for your and your team's support. I got a positive outcome when I used this tool to visualize our current security posture. Our management was pleased :)
A little bit off topic: I hope you can share a high quality version of the DeTTECT logo. If it is OK with your team, I would like to have it as a banner here in our SOC and on a hoodie also.
Kudos to you all. Long live #Blue #Azul
Good to hear that you had a positive outcome in using DeTT&CT! Thanks for letting us know. Always very nice to hear when others also find it useful and have success in using it :-D
Awesome! I've uploaded a high res logo on my personal GitHub: https://github.com/marcusbakker/Miscellaneous/raw/master/DeTT%26CT-logo.png
Hi Sir, thank you again.
Our long-term goal would be the mapping of SOC detection capabilities via a "detection" heat map.
You're welcome