Analytics Repository
Robust Analytics
The following examples demonstrate how to score and improve an analytic in accordance with the Summiting the Pyramid methodology.
- Access Token Abuse
- ADFind
- Executable (EXE) File Download from a WebDAV Server
- File Creation Date Changed to Another Year
- Link (LNK) File Download Containing a WebDAV UNC Hyperlink
- Remote Registry Management Using Reg Utility
- Service Registry Permissions Weakness Check
- Scheduled Task/Job
- Zeek DCE-RPC MITRE BZAR Execution
Context-Aware Analytics
The following examples demonstrate how to incorporate contextual requirements for ambiguous techniques in order to maximize robustness while reducing false positives.
Analytic Scoring Data
There is also a published CSV file that contains analytics that have been scored with the methodology: ScoredAnalytics
Score your own analytics in Sigma!
Sigma now has a tag to document the STP score of an analytic. Check out the Sigma tags appendix to learn more.