Hi,
We are trying to review the ATT&CK coverage for the current detections to help us with creation and coverage of our own ruleset, is there anything available for us to use?
Thanks
Hey there @probson
Thanks to the recent efforts of @Thorben there is the new Elastic Security: Detection Rules ATT&CK Navigator layer generator that you can use to generate an ATT&CK Navigator to better understand the coverage of your own rulesets.
Here's an example navigator detailing the coverage of the prebuilt Elastic Detection Rules shipped with the app:
This should cover exactly what you're looking for, but if you have any trouble/feedback please do feel free to add it to this thread (or open an issue in that repo).
Hope this helps -- cheers!
Garrett
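As an added illustration of what a layer generator like the one mentioned above does (this is example code written for this thread, not the generator from that repository), the script below reads detection rules in the ndjson shape a Kibana rule export produces, counts how many rules map to each ATT&CK technique and sub-technique via the rules' `threat` field, lists rules with no mapping, and emits a Navigator layer JSON whose per-technique score is the rule count. The three rules embedded in it are constructed samples, and the version numbers in the `versions` block are assumptions you should set to match the Navigator instance you load the layer into.

```python
import json
from collections import Counter

# Constructed sample: three rules in the ndjson shape of a Kibana detection-rule
# export. Only the fields this script reads ("name" and "threat") are included.
SAMPLE_NDJSON = """\
{"name": "Suspicious PowerShell", "threat": [{"framework": "MITRE ATT&CK", "tactic": {"id": "TA0002", "name": "Execution", "reference": "https://attack.mitre.org/tactics/TA0002/"}, "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter", "reference": "https://attack.mitre.org/techniques/T1059/", "subtechnique": [{"id": "T1059.001", "name": "PowerShell", "reference": "https://attack.mitre.org/techniques/T1059/001/"}]}]}]}
{"name": "Encoded Command", "threat": [{"framework": "MITRE ATT&CK", "tactic": {"id": "TA0002", "name": "Execution", "reference": "https://attack.mitre.org/tactics/TA0002/"}, "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter", "reference": "https://attack.mitre.org/techniques/T1059/"}]}, {"framework": "MITRE ATT&CK", "tactic": {"id": "TA0005", "name": "Defense Evasion", "reference": "https://attack.mitre.org/tactics/TA0005/"}, "technique": [{"id": "T1027", "name": "Obfuscated Files or Information", "reference": "https://attack.mitre.org/techniques/T1027/"}]}]}
{"name": "No mapping yet", "threat": []}
"""


def parse_rules_ndjson(text):
    """Parse one JSON rule object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rule_technique_ids(rule):
    """Set of technique and sub-technique IDs a single rule maps to.

    Only entries whose framework is MITRE ATT&CK are considered; a rule that
    references the same technique under two tactics is still counted once.
    """
    ids = set()
    for threat in rule.get("threat", []):
        if threat.get("framework") != "MITRE ATT&CK":
            continue
        for tech in threat.get("technique", []):
            ids.add(tech["id"])
            for sub in tech.get("subtechnique", []):
                ids.add(sub["id"])
    return ids


def technique_counts(rules):
    """Counter of technique ID -> number of rules covering it."""
    counts = Counter()
    for rule in rules:
        counts.update(rule_technique_ids(rule))
    return counts


def unmapped_rules(rules):
    """Names of rules with no ATT&CK mapping; these are gaps in the coverage picture."""
    return [r["name"] for r in rules if not rule_technique_ids(r)]


def build_layer(counts, name):
    """Build an ATT&CK Navigator layer dict; score = number of covering rules.

    The version strings below are assumptions for illustration; set them to
    match the ATT&CK release and Navigator build you actually use.
    """
    max_score = max(counts.values(), default=0)
    return {
        "name": name,
        "versions": {"layer": "4.4", "navigator": "4.8.1", "attack": "12"},
        "domain": "enterprise-attack",
        "description": "Detection rule coverage; score is the number of rules per technique",
        "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": max_score},
        "techniques": [
            {
                "techniqueID": tid,
                "score": n,
                "comment": f"{n} rule(s)",
                "enabled": True,
                "showSubtechniques": True,
            }
            for tid, n in sorted(counts.items())
        ],
    }


if __name__ == "__main__":
    rules = parse_rules_ndjson(SAMPLE_NDJSON)
    layer = build_layer(technique_counts(rules), "Sample ruleset coverage")
    print(json.dumps(layer, indent=2))
    print("Unmapped rules:", unmapped_rules(rules))
```

To run it against a real export, replace `SAMPLE_NDJSON` with the contents of the exported `.ndjson` file and load the printed JSON into the Navigator via "Open Existing Layer". The `unmapped_rules` list is worth reviewing alongside the layer: a rule with no `threat` mapping is invisible in the heat map, so the picture will look sparser than the ruleset actually is until those are tagged.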
That looks perfect, thank you, and thanks @Thorben; will hopefully use it in the next few days.
Thanks
You can actually see the coverage in this table:
Analytic Coverage Comparison | MITRE Cyber Analytics Repository