Adversary techniques are at the core of understanding how adversaries operate, what Red Canary detects, and how we investigate those events. Red Canary combines public information about these techniques with context specific to your organization, serving as your primary source of intelligence.
Information about each technique is accessible from the MITRE ATT&CK coverage matrix or anywhere else a technique is listed.
Jump to a technique:
- Press ⌘-K or click the search bar, and then type a technique name or identifier.
- Select the desired technique from the list.
- Press Enter.
Explore techniques from the MITRE ATT&CK matrix:
- Click Analytics, and then select Attack Techniques.
- Click the name of the technique you want to view.
The top left of the technique page contains information from public sources, MITRE ATT&CK, and Red Canary (if the technique is a Red Canary technique awaiting inclusion in MITRE ATT&CK).
The Prevalence section highlights techniques that are frequently used across all of the environments that Red Canary monitors. Certain techniques have been a focus of Red Canary’s research and threat intelligence; these techniques will contain additional links in Dive Deeper.
Recent Threats and Recent Events list confirmed threats and potentially threatening events that have been observed using this technique in your environment.
The Red Canary Coverage section lists detection analytics (detectors) that Red Canary uses to identify behavior associated with this technique.