CyFlare Detection List & MITRE ATT&CK Framework Mapping

Purpose

This document identifies the detections that are available to CyFlare clients from the identified managed security services. 

Filters & Definitions

State - The default mode for the detection; it may be On or Off by default for various reasons.
Solution Name - The CyFlare-given name for an offered managed security solution.
Solution Category - The CyFlare-given category name for the managed security solution.
Detection Name - The unique name for that detection, based on the use case that triggers the detection into the SOC.
Detection Channel - A CyFlare methodology for normalizing security events across various SIEM and security solutions.
Detection Engine - There are two options: built-in detections, labeled "Product Feature", and custom detections enabled by the SOC, labeled "CyFlare Threat Hunter".
Default Action - This is the default action the CyFlare ONE platform will take when executing your playbooks. There are a few options available:
  1. Analyst Triage - No automatic triage or enrichment is required; the detection is sent directly to the human triage queue.
  2. Conditional Auto Close - The detection may be automatically closed after evaluation against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match, the event may automatically be ticketed.
  3. Conditional Auto Ticket - The detection may be automatically ticketed after evaluation against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match, the event may automatically be ticketed.
  4. Auto Ticket - The detection is automatically evaluated and processed to create a ticket.
MITRE ATT&CK Tactic - Denotes the short-term, tactical adversary goal during an attack.
MITRE ATT&CK Technique - Describes the means by which adversaries achieve a tactical goal.
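
As an added illustration of how the fields and Default Action options above fit together (example code written for this page, not CyFlare's platform code), the following models one detection-list row, narrows rows the way the filter application does, and routes an event according to its Default Action. The sample rows, the shape of the client context (a set of approved values per event field) and the treatment of an Off detection are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Detection:
    """One row of the detection list, using the filter fields defined above."""
    state: str              # "On" or "Off" by default
    solution_name: str
    solution_category: str
    detection_name: str
    detection_channel: str
    detection_engine: str   # "Product Feature" or "CyFlare Threat Hunter"
    default_action: str     # one of the four Default Action options
    tactic: str             # MITRE ATT&CK tactic
    technique: str          # MITRE ATT&CK technique

# Constructed sample rows for this example, not CyFlare's actual detection list.
SAMPLE_DETECTIONS = [
    Detection("On", "Breach Detection", "Network", "Password Spray Against Office 365",
              "Authentication", "Product Feature", "Conditional Auto Close",
              "Credential Access", "Brute Force"),
    Detection("On", "Breach Detection", "Network", "New Admin Role Assigned",
              "Identity", "CyFlare Threat Hunter", "Auto Ticket",
              "Persistence", "Account Manipulation"),
    Detection("Off", "Endpoint Protection", "Endpoint", "Office App Spawned Script Interpreter",
              "Process", "CyFlare Threat Hunter", "Analyst Triage",
              "Execution", "Command and Scripting Interpreter"),
]

def filter_detections(detections, **criteria):
    """Narrow the list the way the page's filters do, e.g. tactic="Persistence"."""
    return [d for d in detections
            if all(getattr(d, k) == v for k, v in criteria.items())]

def route(detection, event, context):
    """Apply the Default Action to one event; returns "suppressed", "queue",
    "close" or "ticket". `context` is the client-supplied onboarding context,
    modelled here (an assumption) as {event field: set of approved values};
    the conditions match when every context field holds an approved value."""
    if detection.state != "On":
        return "suppressed"            # assumption: an Off detection is not evaluated
    action = detection.default_action
    if action == "Analyst Triage":
        return "queue"                 # straight to the human triage queue
    if action == "Auto Ticket":
        return "ticket"                # no context evaluation needed
    matched = all(event.get(f) in ok for f, ok in context.items())
    if action == "Conditional Auto Close":
        return "close" if matched else "queue"
    if action == "Conditional Auto Ticket":
        return "ticket" if matched else "queue"
    raise ValueError(f"unknown default action: {action}")
```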

The application below lists the available detections; use the filters defined above to narrow the list to the criteria of interest.
