Data Source Related Resources:
##############################
Defining ATT&CK Data Sources, Part I: Enhancing the Current State, by Jose Luis Rodriguez https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f
Windows Sysmon Logging Cheat Sheet - up to ver 10.2, MalwareArchaeology.com https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5d5588b51fd81f0001471db4/1565886646582/Windows+Sysmon+Logging+Cheat+Sheet_Aug_2019.pdf
Sysmon Learning Resources, Michael Haag
https://github.com/MHaggis/sysmon-dfir
Content Development/Selection Resources:
#######################################
ATT&CK Detections Collector - Collects a listing of ATT&CK techniques, then discovers ESCU (Splunk Enterprise Security Content Update) detections for each technique. Results may be saved as HTML or for use with ATT&CK Navigator.
https://github.com/splunk/attack-detections-collector
Getting Started with ATT&CK
https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf
Sigma - Generic Signature Format for SIEM Systems
https://github.com/SigmaHQ/sigma
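To make the "generic signature format" point concrete: a Sigma rule describes what to look for (field/value selections plus a condition that combines them) independently of any one SIEM's query language, and a converter or engine turns that into a real query. The block below is an added illustration for this list, not code from the Sigma project or from any resource linked here. It implements a small subset of the rule format (value lists as OR, fields within a selection as AND, the contains/startswith/endswith modifiers, and/or/not conditions) and runs a constructed rule over constructed Sysmon Event ID 1 records; the rule, events and field names are all made up for the example.

```python
"""Evaluate a subset of the Sigma rule format over constructed Sysmon-style
process-creation events. Added example, not code from the Sigma project."""
import re

# Constructed rule, shaped like the dict a YAML parser would return for a
# Sigma rule. "Field|modifier" keys, lists as OR, fields ANDed, tags carry
# ATT&CK technique IDs. Not a rule from the SigmaHQ repository.
RULE = {
    "title": "Encoded PowerShell Command Line (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}

# Constructed Sysmon Event ID 1 records reduced to the fields the rule uses.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgA",
     "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},   # excluded by the filter
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]

def _value_matches(modifier, actual, expected):
    # Sigma string matching is case-insensitive by default.
    a, e = actual.lower(), expected.lower()
    if modifier is None:
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")

def selection_matches(selection, event):
    """Every field in the selection must match; any listed value satisfies a field."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(modifier or None, str(actual), str(v)) for v in values):
            return False
    return True

# Tiny recursive-descent evaluator for "a and not (b or c)" style conditions,
# so no string reaches eval(). Precedence: not, then and, then or.
def _parse_or(tokens, names):
    left = _parse_and(tokens, names)
    while tokens and tokens[0] == "or":
        tokens.pop(0)
        right = _parse_and(tokens, names)
        left = left or right
    return left

def _parse_and(tokens, names):
    left = _parse_not(tokens, names)
    while tokens and tokens[0] == "and":
        tokens.pop(0)
        right = _parse_not(tokens, names)
        left = left and right
    return left

def _parse_not(tokens, names):
    if tokens and tokens[0] == "not":
        tokens.pop(0)
        return not _parse_not(tokens, names)
    return _parse_atom(tokens, names)

def _parse_atom(tokens, names):
    if not tokens:
        raise ValueError("unexpected end of condition")
    tok = tokens.pop(0)
    if tok == "(":
        value = _parse_or(tokens, names)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("unbalanced parentheses in condition")
        return value
    if tok in names:
        return names[tok]
    raise ValueError(f"unknown selection in condition: {tok}")

def rule_matches(rule, event):
    """True when the rule's condition holds for this event."""
    detection = rule["detection"]
    names = {k: selection_matches(v, event) for k, v in detection.items() if k != "condition"}
    tokens = re.findall(r"\(|\)|\w+", detection["condition"])
    result = _parse_or(tokens, names)
    if tokens:
        raise ValueError(f"trailing tokens in condition: {tokens}")
    return bool(result)

def attack_techniques(rule):
    """Technique IDs from Sigma tags of the form attack.tNNNN[.NNN] (for Navigator layers)."""
    return [t.split(".", 1)[1].upper() for t in rule.get("tags", [])
            if re.fullmatch(r"attack\.t\d{4}(\.\d{3})?", t)]

def run(rule, events):
    """Indices of the events that match the rule."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]

if __name__ == "__main__":
    print("matching events:", run(RULE, EVENTS))
    print("techniques:", attack_techniques(RULE))
```

Only the first event matches: the second hits the selection but is removed by the `filter` selection via `not filter`, which is how Sigma rules carry known-benign exclusions next to the detection logic. The real Sigma tooling converts rules to backend queries (Splunk, Elastic, and others) rather than evaluating them directly as done here; the technique IDs pulled from the tags are what you would feed into an ATT&CK Navigator layer to see coverage.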
Center for Threat-Informed Defense - Attack Flow project
https://ctid.mitre-engenuity.org/our-work/attack-flow/
https://github.com/center-for-threat-informed-defense/attack-flow
https://github.com/center-for-threat-informed-defense/attack-flow/releases/tag/v1.0.0
RBA Blogs and Talks:
###################
Haylee Mills RBA Blog Series
https://www.splunk.com/en_us/blog/security/risk-based-alerting-the-new-frontier-for-siem.html
.conf Online recordings, filtered for risk based alerting -
https://conf.splunk.com/watch/conf-online.html?search=risk%20based%20alerting#/