MITRE ATT&CK
Description
This module is designed for detecting and analyzing cyber attacks targeting an organization using tactics and techniques from the MITRE ATT&CK knowledge base. It includes the following functionalities:
Priority Selection
- the module allows creating a layer for each information system (see the Layer Editor section for details on layer creation)
- the module allows configuring the criticality and coverage of each technique
Priority selection is performed using the Priority Matrix. For more details, please refer to the corresponding article: Priority Matrix.
Coverage Assessment
- the module provides an interface for assessing coverage for each technique
- the interface allows visualizing the coverage of information systems and assets
- the assessment helps determine which areas require additional attention
These capabilities are implemented via the Coverage Matrix. For more details, please refer to the corresponding article: Coverage Matrix.
Detection Monitoring
The module provides two types of alert monitoring: Action MITRE ATT&CK and Risk Action.
Detection Matrix
An interface that displays all alerts, grouped by technique and information system, and shows the number of alerts for each technique. For more details, please refer to the corresponding article: Detection Matrix.
Dashboards
A visual representation of alert information. It enables tracking trends, identifying anomalies, and assessing the effectiveness of correlation rules.