Keith

@kwm

@4ndr3w6S @jamieantisocial @_rybaz @TheDFIRReport We're currently mulling over how to accompany some or all of this with structured data.

The idea being that both high-level ("top N") data as well as lower-level technique, procedure, and test mappings could easily be integrated into other workflows, tools, or reporting.

2/3/2024, 1:25:30 PM

Favs: 1

Retweets: 0

Keith

@kwm

@4ndr3w6S @jamieantisocial @_rybaz @TheDFIRReport A good test of the above will be whether the community ends up with a usefully-sized corpus of threat > technique > test mappings that could be run via something like Invoke-Atomic's adversary emulation feature: https://github.com/redcanaryco/invoke-atomicredteam/wiki/Adversary-Emulation

Things we still need to figure out: cloud.

2/3/2024, 1:28:37 PM

Favs: 1

Retweets: 0

Keith

@kwm

@4ndr3w6S @jamieantisocial @_rybaz @TheDFIRReport Now would be the time to tell me what we're missing, things that would be particularly helpful, your other hopes and dreams re: open source threat intelligence (also detection engineering, incident response).

2/3/2024, 1:31:44 PM

Favs: 2

Retweets: 0