Incident Patterns
Today, Kevin Thompson and I presented at the SANS DFIR Summit on patterns of incident types found within the VERIS Community Database. Our research focused first on identifying interesting patterns within the data set, then examining those patterns more closely for TTPs and other potentially useful insights.

We’ve made all our code available in the form of IPython notebooks for purposes of reproducibility and collaboration. The project hasn’t concluded, either; today’s talk really just gave a glimpse of our work. We have plans to investigate more TTPs and provide additional data analytics in the future.