Indicators of Compromise Discovery
Creating detection rules based on attack evidence.
INCLUDED IN: Operational Phase
01 The Pyramid of Pain
Hash values vs TTPs (Tactics, Techniques, Procedures).
02 YARA Rules
Writing pattern matching rules for malware classification.
03 Sigma Rules
Generic signature format for SIEM systems.
04 Threat Feeds
Consuming STIX/TAXII data.