Chapter 9: Hunting for the Adversary

In this chapter, we are going to step things up a bit by hunting over the MITRE ATT&CK Evaluations' APT29 emulation. Then, we are going to learn how to carry out a basic adversary emulation using CALDERA so that we can create a simple Sigma rule for one of our detections, right before we upload it to our ElastAlert instance.

In this chapter, we're going to cover the following topics:

  • MITRE evaluations
  • Using the MITRE CALDERA project
  • Sigma rules

Let's get started!

Technical requirements

The following are the technical requirements for this chapter:

  • The virtual environment from Chapter 7, Creating a Research Environment, must be up and running.
  • Git needs to be installed on your system.
  • Access to MITRE ATT&CK™ Evaluation: http://bit.ly/3pOGZB4 ...