Introducing the Use Cases Mapper workbook by info.odysseyx@gmail.com, October 4, 2024

1. Introduction

When looking for the most effective use cases for Sentinel, it usually makes sense to start with the data sources that already exist in the enterprise environment, either because of previous or third-party SIEM integrations or because of an already implemented security stack/solution. The next logical step is to determine which Sentinel solutions exist for the products already in use. Unfortunately, this is often done inadequately or not completed at all due to a lack of resources. In addition, the available solutions (Content Hub solutions) are constantly evolving, and once implemented, necessary updates may be neglected.

This is where the Use Case Mapper Workbook can help. You can use the workbook and its complementary resources (watchlists) to map common use cases to the MITRE ATT&CK framework, i.e. to the tactics and techniques listed there. This gives a brief overview of the analysis options available in Sentinel for those use cases, such as analytics rules and hunting queries. The confirmed use cases in this context are:

- Credential Abuse
- Lateral Movement
- Fast Encryption
- Command and Control Communications
- Insider Risk
- Unusual Elevation of Privilege
- Third Party Abuse
- Overexposure
- Data Breach
- Mobile Data Security
- Abuse of Communication
- Web Application Abuse

Note: offensive and defensive strategies and techniques are constantly changing too, so these may change over time. If you would like to tailor this information to your needs, you have the option to narrow the results down to the data sources (Content Hub solutions) you have actually implemented.

2. Prerequisites

Before you begin, check that the following prerequisites are met:

- An Azure subscription that includes a Log Analytics workspace with Sentinel
- The correct RBAC role assigned – 'Contributor' or 'Owner' for simplicity

3. How to deploy/launch

4. How to use and structure

The first section of the workbook gives you the option to select one of the predefined use cases. The next step (step 2) is to select the relevant data source/solution. Your previous choices are listed in section 3 below it. Depending on your selection, the following information is displayed:

- Analytics rules – ID | Name | Solution | Technique + graphical representation
- Hunting queries – ID | Name | Solution | Technique + graphical representation
- Workbooks – Name | Way out

5. Conclusion

The Use Case Mapper Workbook is a useful tool for identifying gaps between your Sentinel environment and the established Content Hub solutions. It simplifies the process of complementing solutions to achieve a flawless implementation. It also helps you stay up to date on updates (such as new hunting queries, analytics rules, or workbooks) and incorporate them on the fly. The workbook also provides a clear picture of the threats and vulnerabilities that your solution must mitigate and where they can be found within the MITRE ATT&CK framework.
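As an added example (not the workbook's own code or watchlist data), the following Python reproduces the mapping that section 4 describes: pick a use case, restrict to the Content Hub solutions you have deployed, and list which of the use case's ATT&CK techniques have analytics rules or hunting queries behind them and which are gaps. The use-case-to-technique mapping, rule names, IDs and solution names are constructed sample values.

```python
from collections import defaultdict

# Constructed sample of a use-case watchlist: use case -> ATT&CK technique IDs.
# These mappings are illustrative, not the workbook's real watchlist content.
USE_CASE_TECHNIQUES = {
    "Credential Abuse": {"T1110", "T1078", "T1003"},
    "Lateral Movement": {"T1021", "T1078", "T1570"},
}

# Constructed sample of Sentinel content: analytics rules and hunting queries,
# each tagged with the Content Hub solution it ships in and one technique.
# IDs, names and solution assignments are hypothetical.
CONTENT = [
    {"id": "r1", "kind": "analytics", "name": "Brute-force sign-ins",
     "solution": "Microsoft Entra ID", "technique": "T1110"},
    {"id": "r2", "kind": "analytics", "name": "LSASS credential dumping",
     "solution": "Microsoft Defender for Endpoint", "technique": "T1003"},
    {"id": "h1", "kind": "hunting", "name": "Anomalous sign-in by valid account",
     "solution": "Microsoft Entra ID", "technique": "T1078"},
    {"id": "h2", "kind": "hunting", "name": "Remote service logons",
     "solution": "Windows Security Events", "technique": "T1021"},
]


def map_use_case(use_case, selected_solutions,
                 use_case_techniques=USE_CASE_TECHNIQUES, content=CONTENT):
    """Mirror the workbook's steps: pick a use case (step 1), restrict to the
    solutions actually deployed (step 2), then report which of the use case's
    techniques have content behind them and which are coverage gaps."""
    techniques = use_case_techniques[use_case]
    covered = defaultdict(lambda: {"analytics": [], "hunting": []})
    for item in content:
        if item["solution"] in selected_solutions and item["technique"] in techniques:
            covered[item["technique"]][item["kind"]].append(item["id"])
    return {
        "use_case": use_case,
        "covered": {t: covered[t] for t in sorted(covered)},
        "gaps": sorted(techniques - set(covered)),
    }


if __name__ == "__main__":
    result = map_use_case("Credential Abuse", {"Microsoft Entra ID"})
    for technique, hits in result["covered"].items():
        print(technique, hits)
    print("gaps:", result["gaps"])  # gaps: ['T1003']
```

Adding a solution to the selected set is the "complement the solution" step from the conclusion: the gap list shrinks as the matching content comes into scope.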