As security professionals, we know that the tactics, techniques and procedures (TTPs) used by cyber criminals are constantly evolving to evade our existing defense systems. That is why it is critical that security leaders continue to update their programs and leverage new information and technologies to ensure their environments stay secure. Detecting new threats in real time and remediating issues quickly is a challenge for every type of organization. Here at Palo Alto Networks, our fully dedicated Unit42 threat research team works around the clock to ensure our company and our customers have the intel they need to neutralize these emerging and evolving threats without missing a beat. To carry out their mission, our researchers work with various tools and information sharing systems, including the MITRE ATT&CK framework. This framework is built from real-world observations of threat actors, organizes those observations into a standardized language of TTPs, and provides recommendations that help organizations develop response and action plans for their environments and harden their security programs.
What is the Cortex XSOAR Marketplace?
The MITRE ATT&CK content pack leverages Unit42 Actionable Threat Objects and Mitigations (ATOMs) intel and research, which details attack groups and their actions via the MITRE ATT&CK framework, and turns that research into Cortex XSOAR automated orchestration playbooks. These playbooks leverage the latest ATT&CK updates and draw context from our Unit42 team to further enrich alert triage from events and activity across the corporate environment, third-party data sources, and threat intelligence feeds. This pack is extremely powerful because it enables security teams to operationalize the MITRE ATT&CK framework using Cortex XSOAR without having to manually translate hundreds of TTPs from the framework into effective rules, lists, and other resources for detection, enrichment, and response.
What does this content pack do?
Using the MITRE ATT&CK Courses of Action content pack with Cortex XSOAR, security teams can take immediate action to identify and stop the latest threats early in the attack cycle and keep their organization out of the next big cyberattack news headline.
The pack is easily deployed with a few clicks from the Cortex XSOAR Marketplace and provides all the content needed to operationalize the MITRE ATT&CK framework using automated playbooks.
How can security professionals discover more content packs?
Organizations can bridge the gaps and advance the maturity of their security program by tapping into the fastest growing community of security experts. Visit us here for a list of available integrations and featured content packs.
Don’t have Cortex XSOAR? Download our free Community Edition today!
For more information on the MITRE ATT&CK Courses of Action content pack, please visit: https://xsoar.pan.dev/docs/reference/articles/courses-of-action