Organizations need to write custom alerts to detect attacks that are specific to their own environment and products. Maintaining those alerts is hard: keeping alert creation consistent across multiple teams and geographic regions, giving each alert a clear objective, measuring the historical activity an alert would have matched, and agreeing on a naming convention and standards. In this session, you will learn how the incident response team at Atlassian built a framework for standardizing its alerts. We discuss why we chose the open-source MITRE ATT&CK framework as the basis for our alert detections, the naming convention we settled on, how we keep every alert in source control, the CI/CD pipeline we built to simulate attack data and run tests that verify the alerts are still valid, and how we report on the quality of those alerts. Come for an efficient overview of how you can improve your alerting pipeline and see the standardizer in action.
- SPEAKER Christian Burrows
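The abstract above describes detection-as-code in outline: alerts tagged with ATT&CK tactics and techniques, a naming convention, and a CI job that replays simulated attack data through each alert and reports on its quality. The block below is an added illustration of that workflow written for this page; it is not Atlassian's standardizer or any code from the talk. The naming convention (`<TACTIC>_<TECHNIQUE>_<snake_case_name>`), the event schema (`image`, `command_line`), and the sample events are all assumptions made for the example.

```python
"""Minimal detection-as-code harness: ATT&CK-tagged alert rules kept as data,
a naming-convention check, and a test runner over simulated attack/benign events.
Illustrative only; the convention and schema are assumptions, not a real product's."""
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Assumed naming convention for this example: <TACTIC>_<TECHNIQUE>_<snake_case_name>,
# e.g. TA0002_T1059.001_powershell_encoded_command. Sub-techniques (T1059.001) are allowed.
ALERT_NAME = re.compile(r"^(TA\d{4})_(T\d{4}(?:\.\d{3})?)_([a-z][a-z0-9_]*)$")

Event = dict  # one normalized log record, here a process-creation event (assumed schema)


@dataclass(frozen=True)
class Alert:
    name: str
    tactic: str          # ATT&CK tactic ID, must agree with the name
    technique: str       # ATT&CK technique ID, must agree with the name
    description: str
    predicate: Callable[[Event], bool]   # True when the alert should fire on the event


def validate_alert(alert: Alert) -> List[str]:
    """Return convention violations; an empty list means the alert is well-formed."""
    m = ALERT_NAME.match(alert.name)
    if not m:
        return [f"{alert.name}: name does not match <TACTIC>_<TECHNIQUE>_<name>"]
    tactic, technique, _ = m.groups()
    problems = []
    if tactic != alert.tactic:
        problems.append(f"{alert.name}: tactic field {alert.tactic} differs from {tactic} in name")
    if technique != alert.technique:
        problems.append(f"{alert.name}: technique field {alert.technique} differs from {technique} in name")
    if not alert.description.strip():
        problems.append(f"{alert.name}: description is empty")
    return problems


def run_alert(alert: Alert, events: Iterable[Event]) -> List[Event]:
    """Replay events through one alert and return the ones it fires on."""
    return [e for e in events if alert.predicate(e)]


def evaluate(alert: Alert, attack_events: List[Event], benign_events: List[Event]) -> dict:
    """Quality report: the alert must fire on every simulated attack and on no benign event."""
    tp = len(run_alert(alert, attack_events))
    fp = len(run_alert(alert, benign_events))
    fn = len(attack_events) - tp
    return {
        "alert": alert.name,
        "true_positives": tp,
        "false_negatives": fn,
        "false_positives": fp,
        "recall": tp / len(attack_events) if attack_events else 0.0,
        "passed": fn == 0 and fp == 0,
    }


# Example rule: PowerShell started with an encoded command (ATT&CK T1059.001).
ENC_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s")


def _is_encoded_powershell(e: Event) -> bool:
    image = e.get("image", "").lower()
    return image.endswith("powershell.exe") and ENC_FLAG.search(e.get("command_line", "")) is not None


POWERSHELL_ENCODED = Alert(
    name="TA0002_T1059.001_powershell_encoded_command",
    tactic="TA0002",
    technique="T1059.001",
    description="PowerShell started with -EncodedCommand, a common loader pattern.",
    predicate=_is_encoded_powershell,
)

# Constructed sample events (not real telemetry) standing in for the simulated attack data.
ATTACK_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe",
     "command_line": "PowerShell.exe -EncodedCommand ZQBjAGgAbwAgAGgAaQA="},
]
BENIGN_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo -enc"},   # flag text but wrong process: must not fire
]


def run_suite(alerts=(POWERSHELL_ENCODED,)) -> List[dict]:
    """What a CI job would do: lint every alert, then replay the simulated data through it."""
    reports = []
    for alert in alerts:
        problems = validate_alert(alert)
        report = {"alert": alert.name, "problems": problems, "passed": False}
        if not problems:
            report.update(evaluate(alert, ATTACK_EVENTS, BENIGN_EVENTS))
        reports.append(report)
    return reports


if __name__ == "__main__":
    for r in run_suite():
        print(r)
```

In a real pipeline the alerts would be serialized files (YAML, Sigma, or the SIEM's native query language) rather than Python predicates, and the simulated attack data would come from replayed red-team telemetry; the shape of the job is the same: fail the build when a name violates the convention or when an alert stops firing on the attack sample.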