CyFlare Detection List & MITRE ATT&CK Framework Mapping

Purpose

This document identifies the detections that are available to CyFlare clients from each of the managed security services listed.

Filters & Definitions

State - The default mode for the detection. It may be On or Off by default for various reasons.
Solution Name - The CyFlare-given name for an offered managed security solution.
Solution Category - The CyFlare-given category name for the managed security solution.
Detection Name - The unique name for that detection, based on the use case that triggers that detection into the SOC.
Detection Channel - A CyFlare methodology for normalizing security events across the various SIEM and security solutions.
Detection Engine - There are 2 options available: built-in detections, labelled "Product Feature", and custom detections enabled by the SOC, labelled "CyFlare Threat Hunter".
Default Action - The default action the CyFlare ONE platform will take when executing your playbooks. There are a few options available:
  1. Analyst Triage - No automatic triage or enrichment is required, and the detection is sent directly to the human triage queue.
  2. Conditional Auto Close - The detection may be automatically closed after being evaluated against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match, the event may automatically be ticketed.
  3. Conditional Auto Ticket - The detection may be automatically ticketed after being evaluated against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match, the event may automatically be ticketed.
  4. Auto Ticket - The detection is automatically evaluated and processed to create a ticket.
MITRE ATT&CK Tactic - The short-term, tactical adversary goal during an attack.
MITRE ATT&CK Technique - The means by which adversaries achieve that tactical goal.

The application below lists the available detections; use the filters above to narrow the focus based on your criteria.
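To make the Default Action modes concrete, here is an added Python example (not CyFlare code): it validates a detection record against the enumerations defined above and evaluates the record's conditions against client-supplied onboarding context to return a disposition. The condition format, the fallback to analyst triage when conditions do not match, and the sample record and context are assumptions.

```python
from dataclasses import dataclass, field

# Enumerations exactly as the filter glossary above defines them.
STATES = {"On", "Off"}
ENGINES = {"Product Feature", "CyFlare Threat Hunter"}
ACTIONS = {"Analyst Triage", "Conditional Auto Close",
           "Conditional Auto Ticket", "Auto Ticket"}


@dataclass
class Detection:
    name: str
    state: str
    engine: str
    default_action: str
    tactic: str       # MITRE ATT&CK tactic
    technique: str    # MITRE ATT&CK technique ID
    # Assumed format: event field -> onboarding context list that must contain it.
    conditions: dict = field(default_factory=dict)

    def validate(self) -> None:
        checks = {"state": (self.state, STATES), "engine": (self.engine, ENGINES),
                  "default action": (self.default_action, ACTIONS)}
        for label, (value, allowed) in checks.items():
            if value not in allowed:
                raise ValueError(f"unknown {label}: {value!r}")


def evaluate(det: Detection, event: dict, context: dict) -> str:
    """Disposition of one event: 'disabled', 'triage', 'closed' or 'ticket'."""
    det.validate()
    if det.state == "Off":
        return "disabled"               # detection is not enabled for this client
    if det.default_action == "Analyst Triage":
        return "triage"                 # straight to the human triage queue
    if det.default_action == "Auto Ticket":
        return "ticket"
    # Conditional actions: every condition must be satisfied by the client's
    # onboarding context before the automatic action is taken.
    matched = all(event.get(ev_field) in context.get(ctx_list, ())
                  for ev_field, ctx_list in det.conditions.items())
    if not matched:
        return "triage"                 # assumed fallback when conditions fail
    return "closed" if det.default_action == "Conditional Auto Close" else "ticket"


# Constructed sample record and onboarding context (not from the CyFlare list).
SAMPLE_DETECTION = Detection(
    name="Internal Network Service Discovery", state="On",
    engine="CyFlare Threat Hunter", default_action="Conditional Auto Close",
    tactic="Discovery", technique="T1046", conditions={"src_ip": "approved_scanner_ips"})
SAMPLE_CONTEXT = {"approved_scanner_ips": {"10.0.5.20"}}
```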
