Fortinet Threat Hunting Workshop

Threat Hunting using MITRE ATT&CK™ TTPs to Identify Adversarial Behaviors

In today’s cybersecurity landscape, many breaches go undetected by traditional security measures that purely hunt for threats based on IOCs such as hashes, IPs and domains. To effectively address this challenge, organisations need to adopt a proactive approach that involves hunting for threats based on the Tactics, Techniques and Procedures (TTPs) that threat actors use.

The Threat hunting challenge is set up with several exercises set around the technical goals the adversary is trying to achieve (ATT&CK™ Tactics), for example, Initial Access, Persistence, Privilege Escalation, Command and Control. Participants will be asked to detect any techniques being used by an adversary to achieve these goals.

Attendees will learn:
•    What is the MITRE ATT&CK framework and how it can be used
•    What are the TTPs that the threat Actor uses to carry out a breach
•    How to use FortiEDR Threat Hunting capabilities to uncover threats on the network
•    How to use FortiSIEM analytics to discover attacker behaviour based on attack techniques
•    How to use FortiDecepter to find attacker activity and shorten attacker dwell time