Elastic/ELK to a Use Case Framework (UCF) like Magma & Mitre Framework

Hi folks,

Has anyone written/implemented logic to best make use of tagging and alerting SIEM outcomes to a use-case framework? I was mostly looking at the MaGMa framework, which is gaining popularity.

Any help or implementation tips for a use-case framework would be very helpful.

I am sure others can speak more about it than I can with regard to direct experience, but the alerting framework does support native tagging of MITRE ATT&CK techniques when creating rules, and here is a blog post about it:

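As an added illustration (not code from the original thread, from Elastic, or from the MaGMa project), the script below shows one way to turn the per-rule ATT&CK tags into the two things a use-case framework asks for: a coverage matrix (which tactic/technique pairs have at least one rule) and an outcome roll-up per use case (true/false positives per use case, which is what MaGMa-style metrics consume). The rule dicts are constructed to mirror the shape of an Elastic detection rule's `threat` array (`framework`, `tactic`, `technique`, optional `subtechnique`) and its `tags` list; the rule names, rule IDs, alert outcomes, and the `UC:<id>` tag convention used to link a rule to a use case are all assumptions made for this example.

```python
"""Roll Elastic detection-rule ATT&CK tags up into a use-case coverage view.

Added example, not Elastic's or MaGMa's code. Rule dicts mimic the `threat`
array and `tags` list of an Elastic detection rule; rule IDs, names, alert
outcomes and the "UC:<id>" tag convention are constructed for this example.
"""
from collections import Counter, defaultdict

USE_CASE_PREFIX = "UC:"  # assumed tag convention linking a rule to a use case

RULES = [  # constructed, shaped like Elastic detection rules
    {
        "rule_id": "rule-001",
        "name": "Suspicious PowerShell Execution",
        "tags": ["UC:EXEC-001", "Windows"],
        "threat": [{
            "framework": "MITRE ATT&CK",
            "tactic": {"id": "TA0002", "name": "Execution"},
            "technique": [{
                "id": "T1059", "name": "Command and Scripting Interpreter",
                "subtechnique": [{"id": "T1059.001", "name": "PowerShell"}],
            }],
        }],
    },
    {
        "rule_id": "rule-002",
        "name": "Scheduled Task Created",
        "tags": ["UC:PERSIST-001", "Windows"],
        "threat": [{
            "framework": "MITRE ATT&CK",
            "tactic": {"id": "TA0003", "name": "Persistence"},
            "technique": [{"id": "T1053", "name": "Scheduled Task/Job"}],
        }],
    },
    {"rule_id": "rule-003", "name": "Untagged Rule", "tags": [], "threat": []},
]

ALERTS = [  # constructed analyst outcomes, one per fired alert
    {"rule_id": "rule-001", "outcome": "true_positive"},
    {"rule_id": "rule-001", "outcome": "false_positive"},
    {"rule_id": "rule-002", "outcome": "true_positive"},
    {"rule_id": "rule-003", "outcome": "false_positive"},
]


def rule_techniques(rule):
    """Return (tactic_id, technique_id) pairs for a rule.

    Sub-technique IDs replace the parent when present; a technique with no
    sub-techniques contributes its own ID. Non-ATT&CK frameworks are skipped.
    """
    pairs = []
    for entry in rule.get("threat", []):
        if entry.get("framework") != "MITRE ATT&CK":
            continue
        tactic = entry["tactic"]["id"]
        for tech in entry.get("technique", []):
            ids = [s["id"] for s in tech.get("subtechnique") or []] or [tech["id"]]
            pairs.extend((tactic, tid) for tid in ids)
    return pairs


def use_case_of(rule):
    """Use-case id from the rule's tags, or 'UNASSIGNED' if no tag has the prefix."""
    for tag in rule.get("tags", []):
        if tag.startswith(USE_CASE_PREFIX):
            return tag[len(USE_CASE_PREFIX):]
    return "UNASSIGNED"


def coverage_matrix(rules):
    """Map (tactic_id, technique_id) -> sorted rule_ids that cover it."""
    matrix = defaultdict(set)
    for rule in rules:
        for pair in rule_techniques(rule):
            matrix[pair].add(rule["rule_id"])
    return {k: sorted(v) for k, v in matrix.items()}


def outcome_by_use_case(rules, alerts):
    """Count alert outcomes per use case: {'EXEC-001': {'true_positive': 1, ...}}."""
    uc_of = {r["rule_id"]: use_case_of(r) for r in rules}
    counts = defaultdict(Counter)
    for alert in alerts:
        counts[uc_of.get(alert["rule_id"], "UNASSIGNED")][alert["outcome"]] += 1
    return {uc: dict(c) for uc, c in counts.items()}


def gaps(rules, required):
    """Required (tactic, technique) pairs no rule tags; feed these back to the framework."""
    covered = set(coverage_matrix(rules))
    return sorted(p for p in required if p not in covered)


if __name__ == "__main__":
    for key, ids in sorted(coverage_matrix(RULES).items()):
        print(key, ids)
    print(outcome_by_use_case(RULES, ALERTS))
    print(gaps(RULES, [("TA0002", "T1059.001"), ("TA0005", "T1070.001")]))
```

The "UNASSIGNED" bucket is deliberate: rules that fire but carry no use-case tag are the ones that silently skew the metrics, so surfacing them as a named row is usually more useful than dropping them. In a live deployment the `RULES` list would come from the detection rule export and the `ALERTS` list from closed alerts with their analyst disposition; field names there depend on the Elastic version in use and are not asserted here.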