YASH - Attack Defense Framework

YASH Technologies

The YASH Attack Defense Framework is a strategy that goes beyond traditional passive defenses by proactively engaging with threats to detect, deceive, and disrupt adversaries.

The implementation of the YASH Attack Defense Framework, based on Microsoft Sentinel, will provide a robust strategy to protect the organization from adversaries. It helps to design dynamic defences, detection and deception against adversaries, built primarily on Microsoft Azure.

One example is the MITRE ATT&CK framework, which maps defensive techniques to known adversary behaviours, helping defenders choose the right countermeasures.

Activities:

  • Review and Planning: Understand client needs (Microsoft Sentinel SIEM rules, business goals) and define scope (systems, organizational areas).
  • Security Posture Review: Evaluate current detection, deception, and response capabilities.
  • Threat Modelling: Simulate attacker paths using MITRE ATT&CK, NIST, GDPR and identify choke points.
  • Refine the existing rules where required, with additional data if needed.
  • Integrate with additional threat intelligence sources.
  • Create and configure new alerts based on threat models.
  • Continuously monitor and update incident response protocols.

Benefits:

  • Reveals blind spots in detection and response.
  • Prioritizes high-impact controls for implementation.
  • Provides evidence-based justification for investment.

Deliverables:

  • KQL-Based Detection Ruleset
  • Triaging Templates
  • Enhanced Standard Operating Procedures
  • SIEM (Microsoft Sentinel) Configuration Package