SECOPS 4: Hunting Cyber Threats Flashcards


Flashcards in SECOPS 4: Hunting Cyber Threats Deck (41)
1

HM0

Relies on alerting (IDS). Cannot effectively hunt.

2

HM1

Manual hunt ops. IDS alerts and internal info. Use threat intel feeds to identify threats.

Manual hunt.

3

HM2

Incorporate hunt techniques from external. Large amounts of info.

Active hunt operations

4

HMM

Hunting Maturity Model

5

Hunting Maturity Model

Created by Sqrrl. Levels of maturity for a threat hunting operation.

6

HM3

Analyze info of different types and use it to ID new malicious activity.
Do not rely on external.
Machine learning, data visualization

7

HM4

HM3 + automation. Scripts written based on intel and procedures.

8

Hunting Cycle

Hypothesize
Investigate
Uncover
Inform and enrich

9

Hypothesize

Look at system from perspective of the attacker

10

Investigate (Hunting cycle)

Use tools to investigate hypothesis

11

Uncover (Hunting cycle)

Hunter attempts to discover a pattern or TTP.

Analyst investigates IOCs to determine who was infected and what was done.

TTPs are then shared.

12

Inform and enrich (Hunting cycle)

Documentation and automation

13

TTP

Tactics, techniques, and procedures.

How an attacker maintains presence.

14

CVSS calculates...

Chance of compromise and potential severity of damage

15

Base metric

Characteristics of a vuln that are constant over time and across user environments.

16

Base metric composed of...

Exploitability metrics, impact metrics

17

CVSS Attack Vector

More remote equals higher score.

Local, adjacent, network, physical

18

Attack complexity

Conditions beyond the attacker's control that must exist to exploit

Low, High

19

Privileges required

Privileges needed to exploit

None, low, high

20

User interaction

Whether a user other than the attacker must participate for exploitation to succeed.

21

Scope

Ability for vuln in one component to impact other resources or privileges.

22

Confidentiality Impact

Vulnerability's impact on confidentiality

23

Integrity impact

Impact to trustworthiness or accuracy of info

24

Availability impact

Can affect bandwidth, proc time, disk space

25

Exploit code maturity

Likelihood of vuln being attacked based on current exploit availability

26

Remediation level

Score goes down with availability of a patch

27

Report confidence

Confidence that the vuln exists.

28

CVSS Environmental Metrics

Customize score based on importance of the IT asset to the user's organization

29

Modified base impacts

Modify the impact of individual base metrics (Attack vector, Scope, CIA, etc.)

30

CVSS Scores are computed from

"Big 3" CIA