Using Att&ck framework in Azure Sentinel


The Mitre Att&ck framework is frequently utilized by Security Operation Centers to describe the behavior of the threat or to display detection capabilities. Because of the widespread use of the framework, a lot of Security vendors introduced it in their tooling. Azure Sentinel also has some capabilities related to Att&ck, but it does not provide every functionality a SOC needs. I created some solutions in the past (and present) to bypass Sentinel’s limitations which I am going to show in this article.
Read more