Hey friend, welcome back!
In my last blog post on using threat intelligence articles for hunting, we looked at extracting IOCs and TTPs from these articles and using them to perform IOC-based and TTP-based threat hunts. Hunting IOCs was simple; for TTPs, however, we had to correlate the MITRE ATT&CK techniques mentioned in these articles to corresponding Sigma rules that could…
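The correlation step described above, as an added example that is not part of the original post: it pulls ATT&CK technique IDs out of article text with a regular expression and matches them against the `attack.tXXXX(.YYY)` tags that Sigma rules carry. The article text and the Sigma rules here are constructed for the example (the rules are reduced to the title and tags fields, which is all the mapping needs); a sub-technique with no dedicated rule falls back to rules tagged with its parent technique, and anything still unmatched is reported as a coverage gap.

```python
import re
from collections import defaultdict

# Constructed sample article text (not taken from any real report).
ARTICLE = """
The actor gained initial access via spearphishing attachments (T1566.001) and
executed a PowerShell stager (T1059.001). Persistence used scheduled tasks
(T1053.005); credentials were dumped from LSASS (T1003.001). Payloads were
obfuscated (T1027).
"""

# Constructed Sigma-style rules, reduced to the fields the mapping needs.
# Real Sigma rules carry ATT&CK technique IDs as lowercase tags such as
# "attack.t1059.001" alongside tactic tags such as "attack.execution".
SIGMA_RULES = [
    {"title": "Suspicious PowerShell Download Cradle",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Scheduled Task Creation via schtasks",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "LSASS Memory Access by Non-System Process",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "Generic Command and Scripting Interpreter Use",
     "tags": ["attack.execution", "attack.t1059"]},
    {"title": "Office Application Spawning Shell",
     "tags": ["attack.initial_access", "attack.t1566.001", "attack.t1204.002"]},
]

# Technique ID as written in prose (T1059 or T1059.001) and as a Sigma tag.
TECHNIQUE_RE = re.compile(r"\bT(\d{4})(?:\.(\d{3}))?\b")
TAG_RE = re.compile(r"^attack\.t(\d{4})(?:\.(\d{3}))?$")


def extract_techniques(text):
    """Return the set of ATT&CK technique IDs (e.g. 'T1059.001') found in text."""
    found = set()
    for m in TECHNIQUE_RE.finditer(text):
        tid = "T" + m.group(1)
        if m.group(2):
            tid += "." + m.group(2)
        found.add(tid)
    return found


def index_rules_by_technique(rules):
    """Map each technique ID to the titles of the rules tagged with it."""
    index = defaultdict(list)
    for rule in rules:
        for tag in rule.get("tags", []):
            m = TAG_RE.match(tag.lower())
            if m:
                tid = "T" + m.group(1) + ("." + m.group(2) if m.group(2) else "")
                index[tid].append(rule["title"])
    return index


def correlate(text, rules, include_parent=True):
    """Return ({technique: [rule titles]}, [techniques with no rule]).

    With include_parent=True a sub-technique also picks up rules tagged
    with its parent technique, since many Sigma rules are tagged only at
    the parent level.
    """
    index = index_rules_by_technique(rules)
    matched = {}
    uncovered = []
    for tid in sorted(extract_techniques(text)):
        titles = list(index.get(tid, []))
        if include_parent and "." in tid:
            parent = tid.split(".")[0]
            titles += [t for t in index.get(parent, []) if t not in titles]
        if titles:
            matched[tid] = titles
        else:
            uncovered.append(tid)
    return matched, uncovered


if __name__ == "__main__":
    matched, uncovered = correlate(ARTICLE, SIGMA_RULES)
    for tid, titles in matched.items():
        print(tid, "->", ", ".join(titles))
    print("techniques with no rule coverage:", uncovered)
```

The uncovered list is the useful output for a hunter: it shows which techniques from the article cannot be hunted with the rule set at hand and therefore need a new rule or a manual query. Against a real Sigma repository the `SIGMA_RULES` list would be built by loading each rule's YAML and keeping its `title` and `tags`.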