TTP Dashboard: Discover trending threat actor behavior

Prioritize threat hunts, prepare mitigations, and create threat actor profiles.

Aug 16, 2024 - 13:10
 0  11
TTP Dashboard: Discover trending threat actor behavior
Threat Intelligence

TTP Dashboard: Discover trending threat actor behavior

Prioritize threat hunts, prepare mitigations, and create threat actor profiles.

15 Sec-summary

Identifying new threat actor behavior is tedious and resource-intensive, requiring focused reading to tag text in articles to MITRE ATT&CK and manually extract data. It's easy to overlook a shift in techniques or a new threat actor that should be on your radar.

Feedly’s TTP Dashboard enables you to:

  • Identify trending ATT&CK techniques and extract procedures to help prioritize threat hunts.
  • Filter by your industry, threat actors, malware, or software platforms to uncover the latest techniques used to target gaps in your defenses
  • Track changes to threat actor behavior and click-to-launch into MITRE ATT&CK Navigator to develop attack emulations.

In short, the TTP Dashboard is more than a quick view of trending TTPs, malware, or threat actors; it’s a time-saving feature for discovering trends in customized date ranges and prioritizing actions to protect your organization.

Challenge: prioritizing your time and effort

Threat actors use thousands of techniques and procedures every year. Trying to protect against every possible attack vector would be cost-prohibitive. Consequently, cybersecurity teams have to focus on the highest-risk threat actors and the Tactics, Techniques, and Procedures (TTPs) they employ. This is not a static list. You must continuously scan or monitor for changing behaviors and new threat actors posing threats to your organization.

Understanding threat actors and their TTPs is useful to configure the appropriate defenses. Teams can view threat actors and TTPs in MITRE ATT&CK Navigator to understand the sequence of techniques they use in campaigns. This knowledge helps you conduct threat hunts, deploy appropriate mitigations, and emulate threat actors to test your defenses.

The magic behind the TTP Dashboard

The TTP Dashboard includes data collected from over 100 million sources, which are analyzed to discover TTPs and related contexts. This data is correlated in Feedly’s threat graph, providing an open source dataset connecting threat actors, TTPs, malware, CVEs, and more.

The TTP Dashboard taps into this data to provide a near real-time view of the latest threat actor behavioral trends and detailed relationships with malware, CVEs, procedures, etc.—making the data actionable. It’s filterable by industry, threat actor, technique, and time frame to deliver a view aligned with your Priority Intelligence Requirements (PIRs).

Identify trending ATT&CK sub-techniques and extract procedures to help prioritize threat hunts

Get a quick look at the trending techniques and threat actors. Are they known and well-defended? You can easily research techniques used by threat actors by diving into the associated procedures Feedly has conveniently extracted from articles. Then, click on the source articles to read the details and better inform your threat hunt.

TTP Dashboard showing procedures extracted from articles

You can click on any threat actor to open a Threat Actor Insights Card and get a 360-degree view of their targets, procedures, and malware used.

Filter to your industry or date frame to see the trending techniques. Then, dive in and extract procedures to help prioritize threat-hunting activities. Export the techniques or procedures as a PDF or CSV to share with your team, or use for additional analyses and reporting.

TTP Dashboard showing trending techniques, threat actors and related malware over the past 30 days

Filter by your industry, threat actors, malware, or platforms to uncover the latest techniques used to target gaps in your defenses

The TTP dashboard enables flexible filtering and saved views to tailor the information to your PIRs. Filter by your industry and select a time frame to see the relevant trending TTPs. Or filter by a specific technique you’ve identified as a known weakness to see if there’s any increase in activity or emergent threat actors.

Before the TTP Dashboard, we had a manual process of reading through multiple articles to find and extract procedures manually. The TTP Dashboard lets us filter the threat actors or malware we’re tracking and quickly access relevant procedures.

Senior Manager, CTI, Large Multinational bank
Filter the TTP Dashboard by the malware family, software platform, industry, or Tactics and Techniques most relevant to your business

Save up to 10 views to help provide a quick glance into threat actors, techniques, or malware.

TTP Dashboard showing different saved views based on your intelligence requirements

Track changes to threat actor behavior and click-to-launch into MITRE ATT&CK Navigator to develop attack emulations

Filter to one or more threat actors targeting your industry to see their procedures. Then click-to-launch into the MITRE ATT&CK Navigator to quickly identify patterns and map them against your defenses to identify gaps. You can right-click in the Navigator to learn more about the technique or view open-source articles in Feedly for more details. Understanding these patterns helps you to construct threat actor emulations to test your defenses.

This gives us a great resource for evidence-based prioritization. No longer will we say I ‘feel’ this is important; we will be able to back up our security prioritization and research with hard data.

Head of Operational Security, online banking organization
Showing how to open techniques displayed in the TTP Dashboard in the MITRE ATT&CK Navigator

Summary

The TTP Dashboard lets you quickly see trending TTPs, malware, or threat actors based on open-source reporting. Filter views by altering the time frame, industry, threat actor, industry, or software platform to align with your PIRs. You can also save a ton of time discovering trends and the relationships between entities to help you better prioritize actions to protect your organization. The TTP Dashboard is only available as part of Feedly for Threat Intelligence’s new 2024 Advanced plan.

Start your 7-day trial

Get an automatic 7-day Feedly for Threat Intelligence trial and start collecting, analyzing, and sharing actionable intelligence up to 7x faster.TRY FEEDLY TI

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow