Using Agents to Map SaaS Attack Surface via MITRE ATT&CK
The article describes a research method for identifying attack surface by mapping SaaS applications onto the MITRE ATT&CK framework and emulating attack techniques. The author built tooling to achieve this and shared early results, including a MITRE view and an attack scenarios view. The next step is to integrate audit logs and configuration context to identify detection and mitigation opportunities.

2025-12-9 05:36:31 Author: www.reddit.com

I know SaaS app detection and response is not in everyone's remit, although I've worked in a few orgs where we've had to threat model SaaS apps, understand their telemetry and devise attack paths that could lead to unfavourable outcomes. We spent a lot of time doing this research. I thought about it and asked myself if I could get (don't hate me for it) agents to perform this research. So I started with this mental objective:

"How can I greedily transpose a SaaS app and find attack surface by transposing it onto MITRE ATT&CK and emulating adversarial techniques, making some assumptions about an environment?"

It turns out, I think, that the early results are really promising. Full transparency: I am trying to build this into a product, but I've released a public version of some of the analysis in the attached link. You can view Slack and see 2 views:

  1. MITRE View - Synthesise MITRE techniques onto app functionality

  2. Attack Scenarios - View techniques in the context of an attack tree

My next steps are to integrate audit log context to identify detection opportunities and configuration context to identify mitigation options. If you’ve had to do this with your own teams, I’d really value hearing your perspective. Always open to chatting, as this is my life now.


Source: https://www.reddit.com/r/netsec/comments/1phzi7a/using_agents_to_map_saas_attack_surface_via_mitre/