Hello and welcome to the new module, called Campaign Analysis. This is the first lesson, and it will be an introduction to campaigns.
In this lesson, we will discuss how patterns are identified and how intrusion correlation is done. We will also introduce some techniques and methods that can be used for campaign analysis.
But before this, let's start by defining campaigns.
A campaign is a set of incidents that occur over a specific time period and that relate to each other by shared indicators, tools, infrastructure, or TTPs, which indicate that they were performed by the same threat actors and/or have a shared objective.
For instance, to be able to build a campaign analysis, we need intelligence gathered from multiple intrusions over an extended period of time.
This requires analysts to notice trends in intrusions. But here a common question is where to start a campaign analysis.
When we are dealing with an incident, it's important to keep reports with full details, including indicators, because they may serve in the future for a campaign analysis. It all starts with noticing a trend between intrusions. Then, after looking into the past reports, we should be able to find sufficient data, especially key indicators.
The key indicators should remain consistent across intrusions. This is really important.
And here comes the role of external intelligence that we collected from multiple sources, including ISACs, ISAOs, vendors, and free sources.
Searching for key indicators will help the analysts to identify whether the trend is targeting a specific sector or country, or probably targeting all organizations.
Also, comparing key indicators and TTPs will help in identifying the adversaries.
I only have one recommendation here. When dealing with external reports, please don't mix them with your internal data, because there is always the risk of misleading the analysis.
The next step will require leveraging techniques for analysis to identify patterns, and based on the output results, you can apply the most appropriate course of action.
It's also important to mention that understanding patterns and intrusion correlation to define a campaign refines the ability to anticipate what future intrusions will look like. Keep in mind that even unsuccessful intrusions are useful in these cases, because it's very likely that adversaries will try them again.
Now let's move to the techniques and methods that can be used for campaign analysis.
The methods that we studied in the previous module are still valid as campaign analysis techniques. They may be extended to support correlation between intrusions.
The first technique is ACH, and here we replace the hypotheses by campaign hypotheses: we identify candidate campaigns for correlation. Of course, these are the ones which have the most key indicators and TTPs. Key indicators and TTPs are considered the evidence, positioned against the campaigns as hypotheses.
Here is another example that we've seen previously, and it is the mapping of the cyber kill chain and the Diamond Model. Here as well, we don't take all the possible intrusions, but only the ones with the most key indicators, and we correlate them based on these indicators.
The techniques and methods that we studied in the intrusion analysis cases are still valid, but there are also techniques that are proper to campaign analysis, which are data analysis, temporal analysis, visual analysis, and heat map analysis.
We'll go into detail on some of these methods in future videos.
This is all for this lesson. It was a quick introduction to the module Campaign Analysis. We started the lesson with a definition of a campaign, and we've seen where to start campaign analysis. We also discovered that the previously seen techniques are still valid for campaign analysis, and we discovered the new methods and techniques that can be used for campaign analysis, which we are going to explore in future videos belonging to this module as well.
In the next video, we'll start with the first technique dedicated to campaign analysis, which is heat map analysis.
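As an added example (not part of the course material), the Python script below applies the correlation idea from this lesson: it links intrusion reports that share key indicators and TTPs into candidate campaigns, lists the evidence that recurs or stays consistent across each campaign, and compares an external report's indicators against the campaigns without merging them into the internal data set. The incident reports, the indicator/TTP weights and the link threshold are constructed assumptions, not data from the course.

```python
"""Correlating intrusion reports into candidate campaigns.

Added example (not course material): intrusions that share key indicators
and TTPs are linked into candidate campaigns, then the evidence that holds
across each campaign is listed. All incident data below is constructed, and
the weights/threshold are assumptions an analyst would tune.
"""
from collections import Counter
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Intrusion:
    name: str
    date: str              # ISO date, keeps each campaign ordered over time
    indicators: frozenset  # key indicators: domains, IPs, file hashes
    ttps: frozenset        # ATT&CK technique IDs observed


# Constructed internal incident reports (documentation/test ranges, fake hashes).
INTRUSIONS = [
    Intrusion("INC-01", "2023-01-10",
              frozenset({"update-cdn.example", "203.0.113.10", "sha256:aaaa"}),
              frozenset({"T1566.001", "T1059.001", "T1071.001"})),
    Intrusion("INC-02", "2023-02-03",
              frozenset({"update-cdn.example", "198.51.100.7", "sha256:bbbb"}),
              frozenset({"T1566.001", "T1059.001", "T1071.001"})),
    Intrusion("INC-03", "2023-02-20",
              frozenset({"203.0.113.10", "sha256:cccc"}),
              frozenset({"T1566.002", "T1059.001", "T1071.001"})),
    Intrusion("INC-04", "2023-03-15",
              frozenset({"files.example.net", "192.0.2.44"}),
              frozenset({"T1190", "T1505.003", "T1071.001"})),
    Intrusion("INC-05", "2023-03-30",
              frozenset({"192.0.2.44", "sha256:dddd"}),
              frozenset({"T1190", "T1505.003"})),
]

# Assumption: a shared domain/IP/hash is far more specific than a shared TTP,
# which many unrelated actors use, so indicators weigh more than TTPs.
INDICATOR_WEIGHT = 2
TTP_WEIGHT = 1
LINK_THRESHOLD = 3  # minimum score for two intrusions to be linked (assumed)


def link_score(a, b):
    """Weighted count of key indicators and TTPs two intrusions share."""
    return (INDICATOR_WEIGHT * len(a.indicators & b.indicators)
            + TTP_WEIGHT * len(a.ttps & b.ttps))


def candidate_campaigns(intrusions, threshold=LINK_THRESHOLD):
    """Group intrusions with union-find: any pair scoring >= threshold is linked,
    so INC-02 and INC-03 end up together through INC-01 even if they do not
    link directly. Returns campaigns (lists of Intrusion) ordered by first date."""
    parent = {i.name: i.name for i in intrusions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(intrusions, 2):
        if link_score(a, b) >= threshold:
            parent[find(a.name)] = find(b.name)

    groups = {}
    for i in intrusions:
        groups.setdefault(find(i.name), []).append(i)
    campaigns = [sorted(g, key=lambda i: i.date) for g in groups.values()]
    return sorted(campaigns, key=lambda c: c[0].date)


def consistent_evidence(campaign, min_count=2):
    """Indicators and TTPs seen in at least min_count intrusions of a campaign.
    Use min_count=len(campaign) for evidence consistent across every intrusion."""
    ind = Counter(x for i in campaign for x in i.indicators)
    ttp = Counter(x for i in campaign for x in i.ttps)
    return (sorted(k for k, v in ind.items() if v >= min_count),
            sorted(k for k, v in ttp.items() if v >= min_count))


def match_external_report(report_indicators, campaigns):
    """Check an external report against each campaign WITHOUT merging it into
    the internal set; returns {first intrusion of campaign: overlapping indicators}."""
    matches = {}
    for campaign in campaigns:
        internal = set().union(*(i.indicators for i in campaign))
        overlap = internal & set(report_indicators)
        if overlap:
            matches[campaign[0].name] = sorted(overlap)
    return matches


if __name__ == "__main__":
    camps = candidate_campaigns(INTRUSIONS)
    for c in camps:
        label = "campaign" if len(c) > 1 else "unlinked"
        print(label, [i.name for i in c])
        print("  recurring (>=2):", consistent_evidence(c))
        print("  consistent (all):", consistent_evidence(c, min_count=len(c)))
    # Constructed external report: one known domain plus an unseen hash.
    print(match_external_report({"update-cdn.example", "sha256:zzzz"}, camps))
```

Two intrusions that only share common TTPs (INC-02 and INC-03 share two techniques but no indicator) do not link directly under this weighting; they end up in the same campaign only because both share an indicator with INC-01. Raising `LINK_THRESHOLD` or dropping `TTP_WEIGHT` to zero is the quickest way to see how much of a campaign rests on indicators versus behaviour.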