00 - ATT&CK for DCO Syllabus
Syllabus
Schedule
• Initial Communications Check: 17 March 2022 (Completed)
• Pre-workshop Communications Check: 9 May 2022
• Workshop Dates: 16-20 May
Day        AM                              PM
Monday     Introductions, ATT&CK Overview  ELK Overview
Tuesday    ELK Basics                      ATT&CK for DCO Steps 1-3
Wednesday  ATT&CK for DCO Steps 4-6 (AM and PM)
Thursday   ATT&CK for DCO Step 7 (AM and PM)
Friday     ATT&CK for DCO Step 7 Cont.     Classroom Brief to FAR JOC Chief
Syllabus:
ATT&CK Overview – Review of the ATT&CK Framework
ELK – Quick overview of the ELK tool, which will be used for the hands-on-keyboard portions of the training.
Step 1 – Step focused on identifying and prioritizing Cyber Adversary Tactics, Techniques and Procedures
(TTPs) to develop a high-level understanding of the TTP-Based DCO methodology.
Step 2 – Step focused on developing and refining hypotheses and abstract analytics for detection, based on the TTPs identified in Step 1.
Step 3 – Step focused on defining the data requirements and creating concrete analytics.
Step 4 – Step focused on assessing which detections to implement in the target network
Step 5 – Step focused on configuring the necessary data collection in the environment, identifying gaps in collection strategies, and developing plans to address them.
Step 6 – Step focused on writing the analytics. This is the first step in which we will access the Partner Accessible Virtual Environment (PAVE).
Step 7 – Step in which we go through how to employ TTP-Based DCO on networks. Includes hands-on-keyboard exercise time.
Classroom Brief to FAR JOC Chief: One or more teams will present their findings from a classroom
scenario in the form of an incident response briefing to a senior leader.