Logsign incorporates the MITRE ATT&CK Framework to make it easier for you to understand and classify an attack's lifecycle and an attacker's steps.
The MITRE ATT&CK Framework is a global database that documents and categorizes the tactics and techniques used by cyber attackers. It was prepared by the MITRE Corporation and released in 2013. Currently, the most recent version is V.11.2, which was published in April 2022. Logsign tracks the MITRE ATT&CK Framework closely to offer you the most up-to-date version in its integration as soon as possible.
Logsign uses the MITRE ATT&CK Framework extensively in its Alert Management and Incident Management. This data is also accessible through Logsign Analytics (Search, Report, Dashboard). As a result of these features, it is possible to say that Logsign uses the MITRE ATT&CK Framework beyond the classification and explanation of the event.
In addition, Logsign is a Next-Gen SIEM solution powered by Threat Intelligence and behavioral analysis. This well-designed mechanism offers faster detection, a better understanding of events, and automatic or semi-automatic intervention.
Let's see where we offer MITRE ATT&CK Framework features and data in Logsign SIEM:
- Classification of each alarm, informing the user about tactics and techniques,
- As a matrix, summary, and detailed information in the Incident Management module,
- In prebuilt dashboards or in creating new ones,
- To easily create reports in the Report section,
- As additional information in the enriched data pool.
Some popular usage examples are listed below:
MITRE Matrix is a part of Logsign Incident Management
In the Incident Module of Logsign, a specially designed area is reserved for MITRE Matrix. For an event you investigate, this particular area examines all the movements of the actors on the system and visualizes them for you as MITRE Matrix.
MITRE Description is available at Logsign Incident Details View
Logsign not only lists the names of tactics and techniques but also includes a library where you can access the explanations of these incidents with one touch.
MITRE Tactics at Logsign Incident Summary View
Logsign offers you a summary that makes it easy to understand an incident. Without needing a detailed analysis, Logsign includes the most basic information for you in this summary area.
MITRE Tactics and Techniques information at Logsign Dashboards & Reports
Logsign stores and indexes MITRE data for you to use in dashboards and reports. Thanks to this, it is possible to create custom reports and dashboards. These data provide you with a statistical summary or detailed information about which tactics and techniques the attacker used or the victim was exposed to.