
Hunt with MITRE ATT&CK

  1. Log in to the LogRhythm NDR UI.
  2. Click the Hunt tab. In the drop-down menu, click Mitre.
    The Mitre page appears, displaying all the events. By default, all the IOAs (Incidents of Attack) for the last one (1) hour are listed.
  3. Select a custom time range for the last 15 minutes, 24 hours, 7 days, etc. 
    The graph related to all the events for the selected time period appears. 
  4. To scroll the legend event list, click the up or down arrow icon.
  5. To look further into a particular IOA, select the + icon linked to that IOA. 
    In the drop-down menu, all the fields related to that particular IOA appear.
  6. To filter the IOAs based on different techniques in the Mitre matrix:
    1. Remove the earlier filter in the search bar. 
    2. Click the ATT&CK Hunting icon.
    The ATT&CK Hunting matrix window appears. 
  7. Click Brute Force.
    Brute Force ORs in the search bar.
  8. To view the IOAs related to Brute Force, close the ATT&CK Hunting matrix window.
    Only the IOAs related to Brute Force appear.
