Analytics Repository

The following examples demonstrate how to score and improve an analytic in accordance with the Summiting the Pyramid methodology.

• Suspicious ADFind
• Scheduled Task/Job
• Service Registry Permissions Weakness Check
• Potential Access Token Abuse
• Executable (EXE) File Download from a WebDAV Server
• Link (LNK) File Download Containing a WebDAV UNC Hyperlink
• Remote Registry Management Using Reg Utility
• File Creation Date Changed to Another Year
• Zeek DCE-RPC MITRE BZAR Execution

Scored Analytics Repository:

There is also a published CSV file that contains analytics that have been scored with the methodology: ScoredAnalytics

Score your own analytics in Sigma!

Sigma now has a tag to document the STP score of an analytic. Checkout the Sigma tags appendix to learn more.