Mitre ATT&CK Framework and Logsign

Logsign incorporates Mitre ATT&CK Framework to make it easier for you to understand and classify an attack's lifecycle and an attacker's steps.

The MITRE ATT&CK Framework is a global database that documents and categorizes the tactics and techniques used by cyber attackers. It was prepared by the MITRE Corporation and released in 2013. Currently, the most recent version is v11.2, which was published in April 2022. Logsign tracks the MITRE ATT&CK Framework closely so that its integration offers you the most up-to-date version as soon as possible.

Logsign uses the MITRE ATT&CK Framework extensively in its Alert Management and Incident Management. This data is also accessible through Logsign Analytics (Search, Report, Dashboard). With these features, Logsign uses the MITRE ATT&CK Framework for more than classifying and explaining an event.


In addition, Logsign is a Next-Gen SIEM solution powered by Threat Intelligence and behavioral analysis. This well-designed mechanism offers faster detection, a better understanding of events, and automatic or semi-automatic intervention.

 

Logsign SIEM offers MITRE ATT&CK Framework features and data in the following places:

  • Classification of each alarm, informing the user about tactics and techniques,
  • As a matrix, summary, and detailed information in the Incident Management module,
  • In prebuilt dashboards or in creating new ones,
  • To easily create reports in the Report section,
  • As additional information in the enriched data pool.

 

Some popular usage examples are listed below.

MITRE Matrix is a part of Logsign Incident Management

In the Incident Module of Logsign, a specially designed area is reserved for MITRE Matrix. For an event you investigate, this particular area examines all the movements of the actors on the system and visualizes them for you as MITRE Matrix.


MITRE Description is available at Logsign Incident Details View

Logsign not only lists the names of tactics and techniques but also includes a library where you can access the explanations of these incidents with one touch.


MITRE Tactics at Logsign Incident Summary View

Logsign offers you a summary that makes it easy to understand an incident. Without needing a detailed analysis, Logsign includes the most basic information for you in this summary area.


MITRE Tactics and Techniques information at Logsign Dashboards & Reports

Logsign stores and indexes MITRE data for you to use in dashboards and reports, which makes it possible to create custom reports and dashboards. This data gives you a statistical summary or detailed information about which tactics and techniques the attacker used or the victim was exposed to.
