Synopsis
In this technical session, we will explore how to continuously convert the latest knowledge of threat actor Tactics, Techniques, and Procedures (TTPs) into actionable detection rules in SIEMs, tailored specifically to threats targeting Australian businesses. Taking a practical approach, we will demonstrate how to create detection logic that maps to MITRE ATT&CK and other relevant frameworks such as the Cyber Analytics Repository (CAR) and SIGMA, providing concrete examples of rule logic for various attack stages.
The talk will also cover how to build an automated pipeline for delivering these detection rules as code, ensuring a scalable and maintainable CTI-based detection strategy. We will walk through a model, demonstrating how rules can be continuously updated and deployed in real time, making your detection infrastructure both adaptive and resilient.