You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be great to have an option where selecting multiple TTPs, whether during an incident or following an incident during threat intelligence analysis, to run correlation against the layers for each of the threat actors already included in Navigator.
For example:
Investigator finds that valid accounts were used (T1078), Brute Force Password Spraying (T1110.003), and Exfil over C2 (T1041). These are all selected, and then run correlation/reverse scoring, and it spits out that these are 3/27 techniques for Lazarus, 2/32 techniques for Leviathan, and 0/26 techniques for FIN7...
I'm thinking of a python script that does this with the downloaded json, but it would be helpful to have it in the platform.
The text was updated successfully, but these errors were encountered:
It would be great to have an option where selecting multiple TTPs, whether during an incident or following an incident during threat intelligence analysis, to run correlation against the layers for each of the threat actors already included in Navigator.
For example:
Investigator finds that valid accounts were used (T1078), Brute Force Password Spraying (T1110.003), and Exfil over C2 (T1041). These are all selected, and then run correlation/reverse scoring, and it spits out that these are 3/27 techniques for Lazarus, 2/32 techniques for Leviathan, and 0/26 techniques for FIN7...
I'm thinking of a python script that does this with the downloaded json, but it would be helpful to have it in the platform.
The text was updated successfully, but these errors were encountered: