What do you use for Categories?
11-15-2023 07:19 AM
My team and I are looking to revamp our categories from the current OOB ones and looking for recommendations or what others are using. I know there are already several OOB Categories with subcategories. We have discussed the possibility of using the MITRE Tactics as the categories, but a security incident could have several Tactics. In the future we do plan on mapping flow or process playbook triggers to these categories as well.
11-15-2023 02:57 PM
Hello, I would recommend against using MITRE TTPs; as you said, one incident can have multiple tactics, but also MITRE does update those, adds new ones, etc. I would consider looking at various standards and agencies like NIST, CISA/US-CERT, GCHQ, AUSCERT, FIRST.org, SANS, etc. Especially if you are required to report declared incidents to CISA or other agencies, you might want to consider matching their categories.
11-15-2023 03:03 PM