Emerging Threats Updates Improve Metadata, Including MITRE ATT&CK Tags

The Emerging Threats team has made substantial updates to its ruleset, focusing on richer metadata that gives alerts more context and makes them more useful in detection. The updates add MITRE ATT&CK tags together with new severity and confidence scores, so that each rule carries more actionable intelligence for security professionals. Affected: cybersecurity sector, information security community

Key points:

  • Substantial updates to the Emerging Threats ruleset for enhanced information.
  • Integration of metadata tags, including MITRE ATT&CK tags, in the ruleset.
  • Improved metadata assists in providing context for alerts.
  • A new focus on monitoring and updating metadata for greater accuracy and reliability.
  • Ongoing efforts to advance the quality of the ruleset since 2010, with nearly half a million updates.
  • Emerging Threats provides both free and paid rulesets to the community.

MITRE Techniques:

  • TA0005: Defense Evasion – Technique T1562: Impair Defenses – applied to a network rule covering inbound RDP connections initiated from a batch script.
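The summary above describes the new rule metadata (ATT&CK tactic and technique tags plus severity and confidence scores) without showing how a detection pipeline would consume it. The following added example, which is not code from the Proofpoint blog post or the Emerging Threats project, parses the `metadata:` option of a Suricata-style rule into ATT&CK context and a triage priority. The sample rules are constructed, and the key names used for the new fields (`signature_severity`, `confidence`, `mitre_tactic_id`, `mitre_tactic_name`, `mitre_technique_id`, `mitre_technique_name`) and the value scales are assumptions for illustration; check the actual ruleset for its exact scheme.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample rules in Suricata/Snort syntax (not from the Emerging
# Threats ruleset). The metadata keys used here (signature_severity,
# confidence, mitre_tactic_id/_name, mitre_technique_id/_name) are assumed
# names for illustration; verify them against the real ruleset.
SAMPLE_RULE = (
    'alert tcp any any -> $HOME_NET 3389 ('
    'msg:"EXAMPLE Inbound RDP connection from batch script (constructed)"; '
    'flow:to_server,established; '
    'metadata: created_at 2024_01_01, updated_at 2024_06_01, '
    'signature_severity Major, confidence Medium, '
    'mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, '
    'mitre_technique_id T1562, mitre_technique_name Impair_Defenses, '
    'deployment Perimeter; '
    'classtype:bad-unknown; sid:9000001; rev:1;)'
)
SAMPLE_RULE_NO_META = (
    'alert tcp any any -> any 80 (msg:"EXAMPLE rule without metadata (constructed)"; '
    'sid:9000002; rev:1;)'
)

_METADATA_RE = re.compile(r"metadata:\s*([^;]*);")
_SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")

# Assumed value scales for the severity and confidence fields.
SEVERITY_RANK = {"Critical": 4, "Major": 3, "Minor": 2, "Informational": 1}
CONFIDENCE_RANK = {"High": 3, "Medium": 2, "Low": 1}


def parse_metadata(rule: str) -> dict[str, list[str]]:
    """Return the rule's metadata as key -> list of values.

    Keys may legitimately repeat (for example a rule mapped to several
    ATT&CK techniques), so every key maps to a list. Malformed entries are
    skipped instead of failing the whole rule.
    """
    match = _METADATA_RE.search(rule)
    if not match:
        return {}
    parsed: dict[str, list[str]] = defaultdict(list)
    for entry in match.group(1).split(","):
        parts = entry.strip().split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        parsed[key].append(value.strip())
    return dict(parsed)


def _pair(ids: list[str], names: list[str]) -> list[tuple[str, str]]:
    """Zip ID and name lists positionally; a missing name becomes an empty string."""
    return [(ids[i], names[i].replace("_", " ") if i < len(names) else "")
            for i in range(len(ids))]


def attack_context(rule: str) -> dict:
    """Extract the fields an analyst wants next to an alert raised by this rule."""
    meta = parse_metadata(rule)
    sid_match = _SID_RE.search(rule)
    return {
        "sid": int(sid_match.group(1)) if sid_match else None,
        "tactics": _pair(meta.get("mitre_tactic_id", []), meta.get("mitre_tactic_name", [])),
        "techniques": _pair(meta.get("mitre_technique_id", []), meta.get("mitre_technique_name", [])),
        "severity": meta.get("signature_severity", [None])[0],
        "confidence": meta.get("confidence", [None])[0],
    }


def triage_priority(context: dict) -> int:
    """Combine severity and confidence into one number for ordering alerts.

    Unknown or missing values rank lowest, so rules that lack the new
    metadata are never silently promoted above rules that carry it.
    """
    return SEVERITY_RANK.get(context["severity"], 0) * CONFIDENCE_RANK.get(context["confidence"], 0)


if __name__ == "__main__":
    for rule in (SAMPLE_RULE, SAMPLE_RULE_NO_META):
        ctx = attack_context(rule)
        print(ctx["sid"], ctx["tactics"], ctx["techniques"], "priority", triage_priority(ctx))
```

The parser keeps every metadata key as a list because a single rule can be mapped to more than one technique; the triage score deliberately returns 0 for rules without severity or confidence so that missing metadata is visible in the queue rather than mistaken for a low-risk hit.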

Indicators of Compromise:

  • [Domain] proofpoint.com
  • [Domain] emergingthreats.net
  • [URL] https://example.com/attack (reserved documentation domain, shown as an illustrative value)
  • [IP Address] 192.0.2.1 (RFC 5737 documentation address, shown as an illustrative value)
  • [Email Address] threatinfo@proofpoint.com

Full Story: https://www.proofpoint.com/us/blog/threat-insight/emerging-threats-updates-improve-metadata-including-mitre-attck-tags