Into which category of MITRE tactics does out of box Identity Analytics rules fall?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: A.
Option A is correct.
Identity based attacks and its relevant rules comes under Initial Access and Credential Access categories of MITRE ATT&CK tactics.
Option B, C & D are incorrect.
Any identity based rules are not applicable under these tactics.
Reference:
Out-of-the-box Identity Analytics rules fall under the category of "Collection" in MITRE ATT&CK tactics.
MITRE ATT&CK is a globally recognized framework that is used to classify and describe cyber threats based on attacker behavior. The framework consists of various tactics and techniques used by attackers during a cyber-attack.
The "Collection" tactic is focused on the techniques used by attackers to gather and extract information from a target system. In other words, attackers attempt to collect information that is valuable to them, such as user credentials, system information, and sensitive data.
Identity Analytics is a process of analyzing and managing user identities to ensure their security within an organization. Out-of-the-box Identity Analytics rules are preconfigured rules that come with the Identity Analytics software and are used to monitor user identities for suspicious activities or behaviors. These rules are designed to identify potential security threats and prevent attackers from stealing sensitive information.
Since out-of-the-box Identity Analytics rules are focused on collecting and analyzing user identity data, they fall under the "Collection" category of the MITRE ATT&CK tactics. They are not related to "Initial Access," which is focused on the techniques used by attackers to gain initial access to a target system, "Execution," which focuses on the methods used to execute malicious code, or "Privilege Escalation," which is focused on the techniques used to gain higher-level access to a system or network.
Therefore, the correct answer to the question is C. Collection.