
Threat hunting with MITRE ATT&CK and Wazuh
2022-11-18 12:07

Wazuh offers capabilities such as file integrity monitoring, security configuration assessment, threat detection, automated response to threats, and integration with solutions that provide threat intelligence feeds.

Wazuh ships with the MITRE ATT&CK module out of the box, and its threat detection rules are mapped to their corresponding MITRE technique IDs.

a. The intelligence component of the Wazuh MITRE ATT&CK module: Contains detailed information about threat groups, mitigations, software, tactics, and techniques used in cyber attacks.

b. The framework component of the Wazuh MITRE ATT&CK module: Helps threat hunters narrow down threats or compromised endpoints.

c. The dashboard component of the MITRE ATT&CK module: Summarizes events into charts so that threat hunters get a quick overview of MITRE-related activity across an infrastructure.

The MITRE ATT&CK framework helps to classify and identify threats according to the TTPs discovered. Wazuh uses its dedicated MITRE ATT&CK components to show how security data collected from endpoints corresponds to those TTPs. The threat hunting capabilities of Wazuh help security analysts detect both overt cyber attacks and underlying compromises of the infrastructure.
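As an added example (not code from the article or from the Wazuh project), the following Python script does offline what the framework and dashboard components do in the Wazuh UI: it reads alert JSON lines, counts alerts per ATT&CK technique, and lists the endpoints whose alerts span several tactics, which is where a hunter narrowing down compromised endpoints would look first. The alert field layout is assumed to follow Wazuh 4.x alerts.json, and the sample alerts and rule ids are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample alerts (not captured from a real deployment); the
# rule.mitre.{id,tactic,technique} list layout follows Wazuh 4.x alerts.json.
# Rule ids are placeholders from the custom-rule range.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"agent": {"name": "web-01"}, "rule": {"id": "100010", "level": 10,
        "mitre": {"id": ["T1110"], "tactic": ["Credential Access"],
                  "technique": ["Brute Force"]}}},
    {"agent": {"name": "web-01"}, "rule": {"id": "100011", "level": 8,
        "mitre": {"id": ["T1078"], "tactic": ["Persistence", "Privilege Escalation"],
                  "technique": ["Valid Accounts"]}}},
    {"agent": {"name": "web-01"}, "rule": {"id": "100012", "level": 7,
        "mitre": {"id": ["T1059"], "tactic": ["Execution"],
                  "technique": ["Command and Scripting Interpreter"]}}},
    {"agent": {"name": "db-02"}, "rule": {"id": "100010", "level": 10,
        "mitre": {"id": ["T1110"], "tactic": ["Credential Access"],
                  "technique": ["Brute Force"]}}},
    {"agent": {"name": "db-02"}, "rule": {"id": "100020", "level": 3}},  # no ATT&CK mapping
])

def parse_alerts(text):
    """Parse newline-delimited alert JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def technique_counts(alerts):
    """Count alerts per technique, like the dashboard's per-technique chart."""
    counts = Counter()
    for alert in alerts:
        mitre = alert.get("rule", {}).get("mitre")
        if not mitre:
            continue  # rule carries no MITRE mapping; nothing to chart
        for tid, name in zip(mitre.get("id", []), mitre.get("technique", [])):
            counts[f"{tid} {name}"] += 1
    return counts

def tactics_per_endpoint(alerts):
    """Map each agent to the distinct ATT&CK tactics observed on it."""
    seen = defaultdict(set)
    for alert in alerts:
        tactics = alert.get("rule", {}).get("mitre", {}).get("tactic", [])
        seen[alert["agent"]["name"]].update(tactics)
    return {agent: sorted(t) for agent, t in seen.items()}

def suspicious_endpoints(alerts, min_tactics=2):
    """Endpoints whose alerts span at least min_tactics tactics: activity that
    crosses several ATT&CK stages is a stronger compromise signal than one
    repeated alert, so these are the endpoints to triage first."""
    return sorted(a for a, t in tactics_per_endpoint(alerts).items() if len(t) >= min_tactics)

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for key, n in technique_counts(alerts).most_common():
        print(f"{n:3d}  {key}")
    print("endpoints spanning multiple tactics:", suspicious_endpoints(alerts))
```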


News URL

https://thehackernews.com/2022/11/threat-hunting-with-mitre-att-and-wazuh.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mitre 3 1 10 1 2 14