Interfacing OpenSearch with the MITRE ATT&CK framework and threat intelligence

Hello team,

Hope you are doing well :slight_smile:

Please, can you help me or share with me documentation about interfacing OpenSearch with the MITRE ATT&CK framework and MISP threat intelligence feeds (is it possible already?)

Does someone have any documentation on the creation of use cases (pass the hash, brute force attack)? I cannot find it.

Thank you in advance

@oelbarnoussi Hi, thanks for the question.
OpenSearch recently released the new Security Analytics plugin in 2.4 as an experimental feature.
Security Analytics is a Security Information and Event Management (SIEM) system that has been developed to protect OpenSearch from external security threats and cyber attacks. It uses configurable detectors to monitor threat conditions defined by established security rules, many of which are based on a repository of adversary tactics and techniques maintained by the MITRE ATT&CK organization. You can find documentation about the plugin here:

I think this may address some of the questions you’ve asked here. If you have some specific questions about Security Analytics, feel free to post them here on the forum.
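To make the two use cases from the question concrete, here is an added example (written for this page, not code from OpenSearch or from either poster) of the kind of detection logic a Security Analytics detector rule encodes, run over constructed Windows Security events. The brute-force detector counts failed logons (EventID 4625) per source IP in a sliding window and escalates if a success (4624) follows; the pass-the-hash detector uses the widely used Sigma-style pattern of a network NTLM logon with `KeyLength` 0 and an `S-1-0-0` subject, excluding `ANONYMOUS LOGON`. The field names are the standard Windows Security log fields; the thresholds, the alert structure and the pass-the-hash heuristic are assumptions of this example and not OpenSearch's shipped rules. The ATT&CK IDs are the public ones: T1110 (Brute Force) and T1550.002 (Pass the Hash).

```python
"""Two Windows logon use cases as plain detection logic: brute force (T1110) and
pass the hash (T1550.002). Illustrative example only, not the OpenSearch Security
Analytics engine; field names mirror Windows Security event fields."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ev(ts, eid, ip, user, **extra):
    """Build one event dict in the shape a Windows Security log shipper produces."""
    ev = {"@timestamp": ts, "EventID": eid, "IpAddress": ip, "TargetUserName": user}
    ev.update(extra)
    return ev


# Constructed sample events (not captured from a real host): six failures from
# 10.0.0.5 followed by a success, two failures from 10.0.0.9 (below threshold),
# one pass-the-hash-shaped logon, one ANONYMOUS LOGON to be excluded, one normal
# Kerberos logon.
SAMPLE_EVENTS = [
    *[_ev(f"2024-01-15T09:00:{s:02d}", 4625, "10.0.0.5", "administrator")
      for s in (0, 10, 20, 30, 40, 50)],
    _ev("2024-01-15T09:01:00", 4624, "10.0.0.5", "administrator", LogonType=3,
        LogonProcessName="NtLmSsp", AuthenticationPackageName="NTLM",
        KeyLength=128, SubjectUserSid="S-1-0-0"),
    _ev("2024-01-15T09:02:00", 4625, "10.0.0.9", "bob"),
    _ev("2024-01-15T09:02:05", 4625, "10.0.0.9", "bob"),
    _ev("2024-01-15T09:03:00", 4624, "10.0.0.7", "svc_backup", LogonType=3,
        LogonProcessName="NtLmSsp", AuthenticationPackageName="NTLM",
        KeyLength=0, SubjectUserSid="S-1-0-0"),
    _ev("2024-01-15T09:03:30", 4624, "10.0.0.8", "ANONYMOUS LOGON", LogonType=3,
        LogonProcessName="NtLmSsp", AuthenticationPackageName="NTLM",
        KeyLength=0, SubjectUserSid="S-1-0-0"),
    _ev("2024-01-15T09:04:00", 4624, "10.0.0.12", "alice", LogonType=3,
        LogonProcessName="Kerberos", AuthenticationPackageName="Kerberos",
        KeyLength=256, SubjectUserSid="S-1-0-0"),
]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP produces >= threshold failed logons (4625) inside a
    sliding time window; escalate to high if that source then logs on (4624)."""
    recent = defaultdict(deque)  # src_ip -> timestamps of 4625s still in the window
    flagged = set()              # sources already alerted on (one burst alert each)
    alerts = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        ts = datetime.fromisoformat(ev["@timestamp"])
        src = ev.get("IpAddress", "-")
        if ev["EventID"] == 4625:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "Logon brute force", "technique": "T1110",
                               "severity": "medium", "src_ip": src,
                               "failures": len(q), "first": q[0].isoformat(),
                               "last": ts.isoformat()})
        elif ev["EventID"] == 4624 and src in flagged:
            alerts.append({"rule": "Successful logon after brute force",
                           "technique": "T1110", "severity": "high", "src_ip": src,
                           "user": ev["TargetUserName"], "at": ts.isoformat()})
    return alerts


# Assumed heuristic (not OpenSearch's shipped rule): network logon handled by
# NtLmSsp with no session key and an S-1-0-0 subject is the classic PtH shape.
PTH_PATTERN = {"EventID": 4624, "LogonType": 3, "LogonProcessName": "NtLmSsp",
               "KeyLength": 0, "SubjectUserSid": "S-1-0-0"}


def detect_pass_the_hash(events):
    """Flag logons matching PTH_PATTERN, excluding ANONYMOUS LOGON (a common
    benign match for the same field values)."""
    alerts = []
    for ev in events:
        if (all(ev.get(k) == v for k, v in PTH_PATTERN.items())
                and ev["TargetUserName"] != "ANONYMOUS LOGON"):
            alerts.append({"rule": "Pass the hash activity", "technique": "T1550.002",
                           "severity": "high", "src_ip": ev["IpAddress"],
                           "user": ev["TargetUserName"], "at": ev["@timestamp"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_EVENTS) + detect_pass_the_hash(SAMPLE_EVENTS):
        print(alert)
```

Tune `threshold` and `window` against your own failure rate before enabling an alert on it; the same sample yields nothing at a threshold of 7, and a 30-second window never sees five of the six spaced failures at once. The pass-the-hash pattern is deliberately narrow and will miss NTLM logons carrying a session key, which is the trade-off most published rules make to keep false positives low.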