YoVDO

MITRE ATT&CK Defender™ (MAD) ATT&CK® SOC Assessments Certification Training

Offered By: Cybrary

Tags

Mitre Att&ck Framework Courses, Communication Skills Courses, Data Analysis Courses, Cybersecurity Courses, Threat Intelligence Courses

Course Description

Overview

The MITRE ATT&CK® framework has helped people across the security community adopt a threat-informed mindset and better align their work with understanding and defending against real-world adversaries. But for organizations just getting started, it's not always clear how to adopt it: sure, the concepts make sense, but how do you actually implement ATT&CK®? For many, the answer lies in understanding where they currently stand: without knowing how your current defenses map to ATT&CK®, it's hard to see where you should improve.

This MITRE SOC course is designed to help address this problem by teaching students how to leverage ATT&CK® to conduct Security Operations Center (SOC) assessments. These assessments are designed to be rapid, low overhead, and broad enough to help the SOC get on its feet with ATT&CK®. Specific subjects we'll cover include how to analyze SOC technologies such as tools and data sources, how to interview and discuss ATT&CK® with SOC personnel, and how to recommend changes based on assessment results.

Target Audience for the MITRE SOC Course

Anyone involved in or consulting with the day-to-day operations of a security operations center looking to adopt ATT&CK®.

Prerequisites for this MITRE SOC Training

  • An understanding of the ATT&CK® framework through the MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge course
  • An understanding of information security, technology, and security operations

MITRE SOC Course Goals

By the end of this MITRE SOC course, students should be able to:

  • Understand how SOC technologies map to ATT&CK® at a high level
  • Walk through an ATT&CK®-based SOC assessment
  • Interview and discuss ATT&CK® with SOC personnel
  • Effectively communicate findings with ATT&CK®
  • Propose enhancements to better align operations with ATT&CK®

Note: Per our partnership agreement with MITRE Engenuity, MITRE will have access to learner usage data.


Syllabus

  • Overview of ATT&CK®-based SOC Assessments
    • Introduction: Bringing ATT&CK® into the SOC
    • A Methodology for Assessments
    • Framing an Assessment
    • Scoping an Assessment
  • Analyzing SOC Components with ATT&CK®
    • Setting a Coverage Rubric
    • Working with Data Sources Part 1
    • Working with Data Sources Part 2
    • Analyzing Analytics
    • Breaking Down Tools
  • Synthesizing SOC Assessments
    • Interviewing Staff
    • Communicating with ATT&CK®
    • Compiling a Final Heatmap Part 1
    • Compiling a Final Heatmap Part 2
    • Proposing Recommendations Part 1
    • Proposing Recommendations Part 2
    • SOC Assessments Demo 1
    • SOC Assessments Demo 2
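
The syllabus items above (setting a coverage rubric, working with data sources, analyzing analytics, breaking down tools, compiling a final heatmap) are the steps of one procedure. The script below is an added example of that procedure end to end; it is not course material and not MITRE's or Cybrary's code. It assumes a four-level coverage rubric (none/low/medium/high), a small constructed inventory of a fictional SOC, and a few scoring rules of the author's choosing: a data source alone is only "low" (visibility is not detection), an analytic counts only if the data source it needs is actually collected, and a technique takes the best level among its contributors. The technique IDs are real ATT&CK Enterprise IDs, but which component covers which technique is an illustrative assessor judgement, not a MITRE-published mapping, and the Navigator version strings in the layer are placeholders.

```python
"""Compile an ATT&CK coverage heatmap from a SOC component inventory.

Added example for the assessment steps in the syllabus (coverage rubric,
data sources, analytics, tools, final heatmap). Not course material; the
rubric, scoring rules and inventory are the example author's assumptions.
"""
import json
from collections import defaultdict

# Coverage rubric. Assumption: a four-level scale; the course's own rubric may differ.
NONE, LOW, MEDIUM, HIGH = 0, 1, 2, 3
LEVEL_NAMES = {NONE: "none", LOW: "low", MEDIUM: "medium", HIGH: "high"}

# Constructed inventory of a fictional SOC. The IDs are ATT&CK Enterprise
# technique IDs; which component covers which technique is an illustrative
# assessor judgement, not a MITRE-published mapping.
DATA_SOURCES = {
    "sysmon_process_create": ["T1059", "T1053", "T1003"],
    "windows_security_4624": ["T1078", "T1021"],
}
ANALYTICS = [  # each analytic needs one data source to be usable
    {"name": "encoded_powershell", "needs": "sysmon_process_create",
     "techniques": ["T1059"], "level": HIGH},
    {"name": "lsass_access", "needs": "sysmon_process_access",  # not collected
     "techniques": ["T1003"], "level": HIGH},
    {"name": "odd_hour_logon", "needs": "windows_security_4624",
     "techniques": ["T1078"], "level": MEDIUM},
]
TOOLS = {
    "edr_vendor_x": {"techniques": ["T1055", "T1003"], "level": MEDIUM},
}


def assess(data_sources, analytics, tools):
    """Score each technique. Returns {technique_id: (level, [evidence])}.

    Scoring rules (assumptions, not the course's):
    * a data source alone gives LOW: it is visibility, not detection;
    * an analytic contributes its level only if the data source it needs
      is collected, otherwise it is recorded as a gap and scores NONE;
    * a tool contributes the level the assessor assigned to it;
    * the technique's final level is the best of its contributors.
    """
    coverage = defaultdict(lambda: [NONE, []])

    def bump(tid, level, evidence):
        entry = coverage[tid]
        entry[0] = max(entry[0], level)
        entry[1].append(evidence)

    for source, tids in data_sources.items():
        for tid in tids:
            bump(tid, LOW, f"data source {source}")
    for a in analytics:
        if a["needs"] not in data_sources:
            for tid in a["techniques"]:
                bump(tid, NONE, f"analytic {a['name']} unusable: {a['needs']} not collected")
            continue
        for tid in a["techniques"]:
            bump(tid, a["level"], f"analytic {a['name']}")
    for name, tool in tools.items():
        for tid in tool["techniques"]:
            bump(tid, tool["level"], f"tool {name}")
    return {tid: (lvl, ev) for tid, (lvl, ev) in coverage.items()}


def unusable_analytics(data_sources, analytics):
    """Analytics whose required data source is not collected: a common, cheap-to-fix finding."""
    return [a["name"] for a in analytics if a["needs"] not in data_sources]


def to_navigator_layer(coverage, name="SOC assessment"):
    """Render the result as an ATT&CK Navigator layer (JSON-serialisable dict).

    Assumption: the attack/navigator/layer version strings are placeholders;
    set them to match the Navigator build the layer will be loaded into.
    """
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Coverage: 0 none, 1 low, 2 medium, 3 high",
        "techniques": [
            {"techniqueID": tid, "score": lvl, "comment": "; ".join(ev)}
            for tid, (lvl, ev) in sorted(coverage.items())
        ],
        "gradient": {"colors": ["#ffffff", "#ff6666", "#ffe766", "#8ec843"],
                     "minValue": NONE, "maxValue": HIGH},
    }


if __name__ == "__main__":
    result = assess(DATA_SOURCES, ANALYTICS, TOOLS)
    for tid, (lvl, ev) in sorted(result.items()):
        print(f"{tid}: {LEVEL_NAMES[lvl]:6} <- {'; '.join(ev)}")
    print("unusable analytics:", unusable_analytics(DATA_SOURCES, ANALYTICS))
    print(json.dumps(to_navigator_layer(result), indent=2))
```

With the constructed inventory, T1059 scores high (data source plus a working analytic), T1003 scores only medium from the EDR tool because the LSASS analytic has no data source feeding it, and T1053 and T1021 stay low because they are collected but nothing detects them. The comments on each technique carry the evidence into the heatmap, which is what makes the final recommendations defensible when they are presented back to SOC staff.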

Taught by

Andy Applebaum and Dr. Clem Skorupka

Related Courses

Proactive Computer Security
University of Colorado System via Coursera
Security in Office 365
Microsoft via edX
Threat Detection: Planning for a Secure Enterprise
Microsoft via edX
Cyber Threat Intelligence
IBM via Coursera
Security Analyst Fundamentals
IBM via Coursera