The Atomic Red Team testing cycle
In line with the threat hunting cycle, Red Canary has the Atomic Red Team testing cycle. First, choose the technique (or the specific permutation of a technique) you want to test for and execute the test. Always start with the places where you know you have the strongest visibility. Then, verify whether you detected the technique. If you didn't, ask yourself whether you are collecting data from the right data sources. If you are, you may need to refine your collection. If you are not, establish the right collection process and make sure you are gathering data from the right data sources.
Finally, the process starts all over again:
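The decision points of the cycle (detected? right data source collected? refine or establish collection?), as an added example that is not from the original text or from Red Canary's tooling. The technique IDs are ATT&CK identifiers, but the test records, log lines and data-source inventory are constructed for illustration.

```python
"""Model of the Atomic Red Team testing cycle: run a test, check detection,
then decide whether collection must be refined or established."""
from dataclasses import dataclass


@dataclass
class AtomicTest:
    technique: str    # ATT&CK technique (or sub-technique) under test
    name: str         # which permutation of the technique was executed
    data_source: str  # telemetry the detection relies on
    evidence: str     # substring expected in that telemetry after execution


# Constructed inventory of the data sources the SIEM actually collects.
COLLECTED_SOURCES = {"process_creation", "powershell_scriptblock"}

# Constructed telemetry observed after the tests were executed (Sysmon /
# PowerShell style, made up for this example).
TELEMETRY = {
    "process_creation": [
        "EventID=1 Image=C:\\Windows\\System32\\cmd.exe",
        "EventID=1 Image=C:\\Windows\\System32\\systeminfo.exe",
    ],
    "powershell_scriptblock": ["EventID=4104 ScriptBlockText=Get-Process"],
}


def evaluate(test: AtomicTest, telemetry: dict, collected: set) -> str:
    """Apply the cycle's decision points to one executed test."""
    if any(test.evidence in line for line in telemetry.get(test.data_source, [])):
        return "detected"
    if test.data_source in collected:
        # The right source is collected but the expected event never arrived:
        # filters, audit policy or forwarding need refinement.
        return "refine_collection"
    # The source is not collected at all: establish it before re-testing.
    return "establish_collection"


def run_cycle(tests, telemetry=TELEMETRY, collected=COLLECTED_SOURCES) -> dict:
    """Return a 'technique/test' -> outcome map that drives the next iteration."""
    return {f"{t.technique}/{t.name}": evaluate(t, telemetry, collected) for t in tests}


TESTS = [  # constructed test records
    AtomicTest("T1082", "systeminfo", "process_creation", "systeminfo.exe"),
    AtomicTest("T1059.001", "wmi query", "powershell_scriptblock", "Get-WmiObject"),
    AtomicTest("T1053.005", "scheduled task", "security_4698", "TaskName"),
]

if __name__ == "__main__":
    for test_id, outcome in run_cycle(TESTS).items():
        print(f"{test_id}: {outcome}")
```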
When carrying out this type of test, do it first in your lab environment. Make sure you don't run any tests in a production environment without the right permissions and...