We can use MITRE Att&ck framework to asses defensive capability across your security architecture.

The MITRE ATT&K® framework helps provide context to the Sunburst campaign. The following represent known tactics and techniques:

• Query Registry [T1012]
• Obfuscated Files or Information [1027]
• Obfuscated Files or Information: Steganography [T1027.003]
• Process Discovery [T1057]
• Indicator Removal on Host: File Deletion [T1070.004]
• Application Layer Protocol: Web Protocols [T1071.001]
• Application Layer Protocol: DNS [T1071.004]
• File and Directory Discovery [T1083]
• Ingress Tool Transfer [T1105]
• Data Encoding: Standard Encoding [T1132.001]
• Supply Chain Compromise: Compromise Software Dependencies and Development Tools [ [T1195.001]
• Supply Chain Compromise: Compromise Software Supply Chain [T1195.002]
• Software Discovery [T1518]
• Software Discovery: Security Software Discovery [T1518.001]
• Create or Modify System Process: Windows Service [T1543.003]
• Subvert Trust Controls: Code Signing [T1553.002]
• Dynamic Resolution: Domain Generation Algorithms [T1568.002]
• System Services: Service Execution [T1569.002]
• Compromise Infrastructure [T1584]

• Implementing multi factor authentication.
• Monitoring all services for any changes in tokens or keys and for malicious activities.
• Re-evaluating API key integrations, SAML integrations and website configuration files.
• Review all system and security policies.
• Resetting user credentials.
• Consider security auditing.

FireEye counter measures

Sunburst unique Hostnames

Security onion blog

Solarwinds Security Advisory

SOC prime

Compass ITC