Exercise 3: Comparing Layers in ATT&CK® Navigator

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

2 hours 24 minutes
Video Transcription
In the last few slides, you learned how to create and combine different navigator layers. Now you'll get the chance to apply what you learned and try on your own, so let's go ahead and get started.
Our objectives for this lesson 3.4 are to gain hands on practice with defining and comparing layers in the Attack Navigator tool and to review the overlapping techniques and subnets between the two different groups.
Before you begin, please refer to the resources section for this exercise. Once you're ready, you can get started by navigating to the following link on step number one.
When you're there, you can select the techniques for a PC 39 a PT 32 into separate navigator layers.
Once you have their independent layers, combine them like I showed you before into a third new layer and give a color and escort to them.
This will give you a list of overlapping techniques for the to a PT groups. We suggest giving yourself around 15 minutes to perform this exercise. Good luck.
If you perform the exercise correctly, you should now have a single layer showcasing the overlapping techniques between a B T 39 a B t 32.
The overlapping to needs will be shaded in green, as indicated by the legend in the bottom right.
We can now take a look at what are some of the overlapping techniques and sub techniques that you identified in this exercise.
Now you've finished with creating your single overlapping layer Navigator. Take a few moments to review the techniques that we have here that were shared between the two groups that we just did in the exercise.
to summarize what we learned in less than 3.4. We worked through the defining and comparing layers using Attack Navigator, and we reviewed the intersection overlapping to needs for a PT 32 a P t. 39.
Next up will be going to module for which is making defensive recommendations from attack mapped data
You can never see to that module as this is the end of Module three
Up Next
MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training

This course prepares you for the ATT&CK® Cyber Threat Intelligence Certification, and provides hands-on instruction in mapping narrative reporting and raw data to ATT&CK®, efficiently storing and expressing the mapped intelligence, and operationalizing the intelligence through actionable recommendations to defenders.

Instructed By