ATT&CK Navigator Layers
A collection of layers for use with the ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/enterprise/
Resources:
CrowdStrike Most Common: https://www.youtube.com/watch?v=Rg64nPqqs8s | https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
CrowdStrike Eval: https://attackevals.mitre.org/evaluations/crowdstrike.1.apt3.1.html
CarbonBlack Eval: https://attackevals.mitre.org/evaluations/carbonblack.1.apt3.1.html
Sysmon: https://github.com/olafhartong/sysmon-modular & https://github.com/c2defense/windows-event-collection
Auditd: https://github.com/bfuzzy/auditd-attack
Atomic Red Team Coverage: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/art_navigator_layer.json
Windows Event Logs: https://github.com/c2defense/windows-event-collection
Capital One Breach: http://thewindowsupdate.com/2019/11/18/hunting-for-capital-one-breach-ttps-in-aws-logs-using-azure-sentinel-part-i/