- Log in to the LogRhythm NDR UI.
- Click the Hunt tab. In the drop-down menu, click Mitre.
  The Mitre page appears, displaying all the events. By default, all the IOA (Incidents of Attack) for the last one (1) hour are listed.
- Select a custom time range for the last 15 minutes, 24 hours, 7 days, etc.
  The graph related to all the events for the selected time period appears.
- To scroll the legend event list, click the up or down arrow icon.
- To look further into a particular IOA, select the + icon linked to that IOA.
  In the drop-down menu, all the fields related to that particular IOA appear.
- To filter the IOAs based on different techniques in the Mitre matrix:
  - Remove the earlier filter in the search bar.
  - Click the ATT&CK Hunting icon.
    The ATT&CK Hunting matrix window appears.
  - Click Brute Force.
    Brute Force is ORed into the search bar.
  - To view the IOAs related to Brute Force, close the ATT&CK Hunting matrix window.
    Only the IOAs related to Brute Force appear.