Methodology

From Cyber Analytics Repository

CAR analytics are developed to detect the adversary behaviors described in ATT&CK. Developing an analytic is based on the following activities:

  • identifying and prioritizing adversary behaviors from the ATT&CK adversary model
  • identifying the data necessary to detect the adversary behavior
  • identifying or creating a sensor to collect the necessary data
  • creating the analytic itself to detect the identified behaviors
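The four activities above, carried through for one hypothetical analytic as an added example; this is not code from the CAR project. The ATT&CK technique chosen (T1059.001, PowerShell), the event field names, and the sample process-creation events are all assumptions made for illustration, and the analytic checks that the sensor supplies the fields it needs before it runs, so a data gap surfaces as an error rather than as silence.

```python
"""Added example: the four CAR development activities carried through for one
hypothetical analytic. Not code from the CAR project; the technique choice,
field names and events are assumptions made for illustration."""
import re
from dataclasses import dataclass

# Activity 1: the behavior, identified and prioritized from the ATT&CK model.
# T1059.001 (PowerShell) is chosen here only as a worked example.
BEHAVIOR = {"technique": "T1059.001",
            "name": "Command and Scripting Interpreter: PowerShell"}

# Activity 2: the data needed to observe it. A process-creation event must
# carry at least these fields (names are assumed, not CAR's data model).
REQUIRED_FIELDS = frozenset({"event_id", "exe", "command_line", "parent_exe"})

# Activity 3: the sensor. Constructed events stand in for an endpoint sensor's
# process-creation telemetry; the base64 arguments are meaningless filler.
SAMPLE_EVENTS = [
    {"event_id": 1, "exe": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -EncodedCommand QQBCAEMA",
     "parent_exe": r"C:\Windows\System32\cmd.exe"},
    {"event_id": 2, "exe": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -ExecutionPolicy RemoteSigned -File backup.ps1",
     "parent_exe": r"C:\Windows\System32\svchost.exe"},
    {"event_id": 3, "exe": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c dir",
     "parent_exe": r"C:\Windows\explorer.exe"},
    {"event_id": 4, "exe": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": "pwsh.exe -enc QQBCAEMA",
     "parent_exe": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

# PowerShell accepts -e, -ec, -enc and -encodedcommand (case-insensitive) for an
# encoded script block; whitespace is required after the switch so that
# "-ExecutionPolicy" does not match.
ENCODED_SWITCH = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+\S", re.IGNORECASE)
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def image_name(path: str) -> str:
    """Last path component, lower-cased; splits on both separators so the
    check works the same whether the analytic runs on Windows or Linux."""
    return re.split(r"[\\/]", path)[-1].lower()


@dataclass(frozen=True)
class Analytic:
    """Activity 4: the analytic itself, bound to the behavior and data it needs."""
    technique: str
    required_fields: frozenset

    def sensor_is_sufficient(self, events) -> bool:
        """True when every event the sensor emits carries the required fields."""
        return all(self.required_fields.issubset(event) for event in events)

    def match(self, event) -> bool:
        """One event matches when a PowerShell image is started with an
        encoded command-line argument."""
        return (image_name(event["exe"]) in POWERSHELL_IMAGES
                and ENCODED_SWITCH.search(event["command_line"]) is not None)

    def run(self, events) -> list:
        """Return the event_ids of matching events, or raise if the sensor
        does not supply the data the analytic depends on."""
        if not self.sensor_is_sufficient(events):
            raise ValueError("sensor data lacks fields required by " + self.technique)
        return [event["event_id"] for event in events if self.match(event)]


ANALYTIC = Analytic(technique=BEHAVIOR["technique"], required_fields=REQUIRED_FIELDS)

if __name__ == "__main__":
    # Expected: T1059.001 hits: [1, 4]
    print(ANALYTIC.technique, "hits:", ANALYTIC.run(SAMPLE_EVENTS))
```

Event 2 is the intended negative case: it starts PowerShell with `-ExecutionPolicy`, which also begins with `-E`, and the whitespace requirement in the pattern is what keeps it from being flagged. Keeping the required-field set next to the matching logic is the point of activity 2; when a sensor is swapped for one that omits `command_line`, `run` fails loudly instead of reporting zero hits.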