I'm using Elastic Stack 8.3.3 with a Basic License. I want to test Kibana alerts for APT activity by detecting NextronSystems/APTSimulator activity.
By default, Elastic includes 716 rules.
May I know which rules are recommended for APT, such as NextronSystems/APTSimulator?
We don't develop rules for or maintain visibility of third party simulation frameworks like APTSimulator, which may not accurately generate reliable datasets. Instead, we provide Red Team Automation (RTA) scripts which you can read more about in our community-facing rules repository here.
Additionally, be advised that a nation-state threat (APT) will use whichever technique(s) are effective, so any technique in MITRE ATT&CK should be considered fair game.
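Since the answer above points at ATT&CK coverage rather than a fixed list of recommended rules, a practical way to pick rules is to map the techniques you intend to exercise onto the prebuilt rules' `threat` metadata and enable only those. The following is an added example, not code from this thread or from Elastic: it works on a constructed sample shaped like the rule objects returned by Kibana's `GET /api/detection_engine/rules/_find` (the `threat` array with `tactic` and `technique` entries is the real schema; the rule ids and names are invented), summarises tactic coverage, selects the rules that cover a wanted set of technique ids, and builds the body for a bulk-enable request. The bulk endpoint path and the `kbn-xsrf` header are stated as assumptions about Kibana 8.x; nothing is sent over the network.

```python
import json
from collections import Counter

# Constructed sample: a trimmed-down version of what the Kibana rules
# _find API returns. Ids and names are made up for illustration.
SAMPLE_RULES = [
    {"id": "rule-0001", "name": "Sample: suspicious script interpreter", "enabled": False,
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0002", "name": "Execution"},
                 "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter"}]}]},
    {"id": "rule-0002", "name": "Sample: log clearing or masquerading", "enabled": False,
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0005", "name": "Defense Evasion"},
                 "technique": [{"id": "T1070", "name": "Indicator Removal"},
                               {"id": "T1036", "name": "Masquerading",
                                "subtechnique": [{"id": "T1036.005", "name": "Match Legitimate Name or Location"}]}]}]},
    {"id": "rule-0003", "name": "Sample: scheduled task persistence", "enabled": True,
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0003", "name": "Persistence"},
                 "technique": [{"id": "T1053", "name": "Scheduled Task/Job"}]}]},
    # Rules without ATT&CK mapping exist too; they must not crash the code.
    {"id": "rule-0004", "name": "Sample: unmapped rule", "enabled": False},
]


def technique_ids(rule):
    """All technique and sub-technique ids a rule is mapped to."""
    ids = set()
    for entry in rule.get("threat", []):
        for tech in entry.get("technique", []):
            ids.add(tech["id"])
            for sub in tech.get("subtechnique", []):
                ids.add(sub["id"])
    return ids


def tactic_coverage(rules):
    """Count how many rules map to each ATT&CK tactic name."""
    counts = Counter()
    for rule in rules:
        tactics = {entry["tactic"]["name"] for entry in rule.get("threat", []) if "tactic" in entry}
        counts.update(tactics)
    return counts


def select_rules(rules, wanted_techniques):
    """Rule ids covering any wanted technique. A wanted parent technique
    (e.g. T1036) also matches rules mapped only to its sub-techniques."""
    wanted = set(wanted_techniques)
    selected = []
    for rule in rules:
        ids = technique_ids(rule)
        parents = {tid.split(".")[0] for tid in ids}
        if ids & wanted or parents & wanted:
            selected.append(rule["id"])
    return sorted(selected)


def bulk_enable_payload(rules, wanted_techniques):
    """Body for the bulk-action API, enabling only rules that are
    currently disabled among those covering the wanted techniques."""
    by_id = {rule["id"]: rule for rule in rules}
    ids = [rid for rid in select_rules(rules, wanted_techniques) if not by_id[rid]["enabled"]]
    return {"action": "enable", "ids": ids}


def build_request(rules, wanted_techniques):
    """Assemble (method, path, headers, json body) without sending it.
    Path and header are assumptions about the Kibana 8.x API."""
    body = bulk_enable_payload(rules, wanted_techniques)
    return ("POST", "/api/detection_engine/rules/_bulk_action",
            {"kbn-xsrf": "true", "Content-Type": "application/json"},
            json.dumps(body))


if __name__ == "__main__":
    print(tactic_coverage(SAMPLE_RULES))
    print(build_request(SAMPLE_RULES, {"T1059", "T1036"}))
```

Replacing `SAMPLE_RULES` with the `data` array from a real `_find` response (paging through `per_page`/`page`) gives the same coverage summary for an actual deployment, and the request tuple can be handed to any HTTP client along with your API key.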
I see, noted! I'll take a look into the Detection Rules repository.
I don't know if you have even looked at this blog, An Evaluation of Elastic EDR with APT Simulator | www.neteye-blog.com, where you have a comparison of detections using APTSimulator.