Detections coverage of ATT&CK documentation


We are trying to review the ATT&CK coverage for the current detections to help us with creation and coverage of our own ruleset. Is there anything available for us to use?



Hey there @probson 👋

Thanks to the recent efforts of @Thorben there is the new Elastic Security: Detection Rules ATT&CK Navigator layer generator that you can use to generate an ATT&CK Navigator to better understand the coverage of your own rulesets. 🎉

Here's an example navigator detailing the coverage of the prebuilt Elastic Detection Rules shipped with the app:

This should cover exactly what you're looking for, but if you have any trouble/feedback please do feel free to add it to this thread (or open an issue in that repo). 🙂

Hope this helps -- cheers!



That looks perfect, thank you, and thanks @Thorben. Will hopefully use it in the next few days.


You can actually see the coverage in this table:

Analytic Coverage Comparison | MITRE Cyber Analytics Repository
