← @kwm Twitter archive



For those using @MITREattack to measure or reason about *visibility*:

75-85% of ATT&CK techniques are consistently observable[1] via leading commercial EDR products.

[1] Available for threat hunting, detection, investigation and similar use cases.

10/25/2018, 5:49:20 PM

Favs: 12

Retweets: 7



And yes, the same level of visibility or better is achievable using free and/or open source products such as Sysmon (@markrussinovich), Linux auditd, SUpraudit (@Morpheus______ ), etc.

10/25/2018, 6:16:39 PM

Favs: 7

Retweets: 0