APTs and Use Cases Research
This article is my research into known APTs, TTPs, IOCs and major threat breaches, carried out in order to develop use cases for threat detection based on those APTs, TTPs, IOCs and major threat breaches.
- Data Sources
- Use Cases/OpenSCAP https://www.open-scap.org/features/vulnerability-assessment/
- TTPs/IOCs – Use Cases/Data Sources
- Enforceable undertakings
- Tactics https://attack.mitre.org/tactics/pre/
- Software – https://attack.mitre.org/software/
- Techniques – https://attack.mitre.org/techniques/pre/
- Common Vulnerability Scoring System (CVSS) specification – https://www.first.org/cvss/specification-document
- CWE – https://nvd.nist.gov/vuln/categories
TOP TEN CVE Vendors
- Patch Management – Tripwire-Dimensional-Research-VM-Survey
- While 59% of respondents said they could detect new hardware or software added to their network within minutes or hours, 31% said it would take days, weeks or even months. Another 11% said they couldn’t detect it at all.
- More than a third (35%) said they used automatic discovery solutions on less than half of their software and hardware assets. Another 13% said they didn’t use automatic discovery at all.
- While a large majority reported doing some kind of vulnerability scanning, 39% said they did it monthly or less often than that.
- A large majority (74%) reported that they fixed vulnerabilities in a month or less, but that still leaves the “one-in-four” that don’t. And while about half reported applying patches in two weeks or less, that means the other half don’t.
- For creators and vendors of software products, the survey also came with a warning. A majority of respondents said their organizations would, in some cases, stop using a product because of vulnerabilities. Few (only 6%) said they did it frequently, but another 31% said they did it occasionally and 44% said that while it was rare, it happens. And 82% said a patch for a disclosed vulnerability should be available within two weeks or less.