For most organizations (that is, the ones without a full-time threat intelligence team), the goal of detection should be to stop chasing individual, novel attack techniques and instead concentrate defenses on the Top 20 most commonly observed ATT&CK techniques that are also feasible to monitor. These are the techniques that actually matter, and the ones that will catch more adversaries, more often.
Configuring Detection Rules
- Navigate to the Secure tab and select Detection in the left column.
- A list of current rules is displayed.
- Mark the desired rules as active.
- Press the Publish Rules button to publish the active rules or refresh existing ones.
Published rules are run automatically against data as it arrives in Infocyte. When incoming data matches a rule, an alert is generated and follows your normal workflow. Additional information about the rule, and about the data that triggered it, is available inside the rule itself.
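To make the evaluate-on-arrival model concrete, here is an added example of a minimal rule engine written for this page. It is not Infocyte's rule format or engine: the rule structure, the event field names, the active/publish distinction and the sample host events are all constructed for illustration. Each rule is tagged with the ATT&CK technique it covers, only rules that are active at publish time are evaluated, and a match produces an alert that carries both the rule metadata and the event that triggered it.

```python
"""Illustrative detection-rule engine (added example, not Infocyte code).
Field names, rule shapes and sample events are assumptions made for the demo."""
from dataclasses import dataclass
from typing import Callable, Dict, List
import re


@dataclass
class Rule:
    rule_id: str
    name: str
    technique: str                      # ATT&CK technique ID the rule covers
    match: Callable[[Dict], bool]       # predicate over one telemetry event
    active: bool = False                # only active rules get published


@dataclass
class Alert:
    rule_id: str
    rule_name: str
    technique: str
    event: Dict                         # the data that triggered the rule


def encoded_powershell(ev: Dict) -> bool:
    """T1059.001: powershell launched with an -EncodedCommand style argument."""
    if ev.get("type") != "process" or "powershell" not in ev.get("image", "").lower():
        return False
    # -e / -ec / -enc / -encodedcommand followed by a base64-looking blob
    return re.search(r"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}",
                     ev.get("cmdline", "")) is not None


def schtasks_create(ev: Dict) -> bool:
    """T1053.005: schtasks.exe invoked with /create."""
    return (ev.get("type") == "process"
            and ev.get("image", "").lower().endswith("schtasks.exe")
            and "/create" in ev.get("cmdline", "").lower())


def lsass_memory_read(ev: Dict) -> bool:
    """T1003.001: a process opens lsass.exe with PROCESS_VM_READ (0x10)."""
    return (ev.get("type") == "process_access"
            and ev.get("target_image", "").lower().endswith("lsass.exe")
            and ev.get("granted_access", 0) & 0x10 != 0)


class DetectionEngine:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.published: List[Rule] = []

    def publish(self) -> int:
        """Snapshot the active rules; this is the 'Publish Rules' step."""
        self.published = [r for r in self.rules if r.active]
        return len(self.published)

    def evaluate(self, event: Dict) -> List[Alert]:
        """Run every published rule against one incoming event."""
        return [Alert(r.rule_id, r.name, r.technique, event)
                for r in self.published if r.match(event)]


RULES = [
    Rule("R001", "Encoded PowerShell command", "T1059.001", encoded_powershell, active=True),
    Rule("R002", "Scheduled task created via schtasks", "T1053.005", schtasks_create, active=True),
    Rule("R003", "LSASS memory read", "T1003.001", lsass_memory_read, active=True),
]

# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAA="},
    {"type": "process", "host": "ws01", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": '/Create /SC ONLOGON /TN Updater /TR "C:\\Users\\Public\\u.exe"'},
    {"type": "process_access", "host": "srv02", "source_image": r"C:\Temp\p.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1010},
    {"type": "process", "host": "ws01", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
]


def run_sample(active_rule_ids=None) -> List[Alert]:
    """Publish the rules (optionally restricting which are active) and stream the sample events."""
    if active_rule_ids is not None:
        for r in RULES:
            r.active = r.rule_id in active_rule_ids
    engine = DetectionEngine(RULES)
    engine.publish()
    alerts = []
    for ev in SAMPLE_EVENTS:
        alerts.extend(engine.evaluate(ev))
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.rule_id} {a.technique} {a.rule_name} on {a.event['host']}")
```

Marking a rule inactive and re-publishing is what stops it from firing: `run_sample({"R001", "R002"})` yields no T1003.001 alert even though the LSASS event is still in the stream, which mirrors the activate-then-publish flow above.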
More information about this methodology can be found here: