Version: 5.0

Coverage Matrix

Description

The Coverage Matrix for MITRE ATT&CK is used to assess how well the current security system covers relevant techniques and tactics. The Coverage Matrix can be used for the following purposes:

  • Evaluating the current security level of the organization
  • Identifying security gaps
  • Developing recommendations for improving security

Usage

To start using the Coverage Matrix, select the Coverage Matrix item in the Main Menu under the MITRE ATT&CK section. The matrix interface looks similar to the Priority Matrix.

## Functional Features

  • Layers - select the layer in which priority settings are configured. Layers are pre-created through the layer editor
  • Tactics - select the list of tactics for which settings are required
  • Data Sources - select the list of data sources that characterize the area of potential threat occurrence
  • Techniques - select the list of necessary techniques for priority settings
  • Show with priority only - display only those techniques for which a priority is set in the Priority Matrix
  • Show jobs count - display the number of rules covering a given technique

Filtering

Filtering of techniques in the matrix works similarly to the Priority Matrix. The Show with priority only option displays only those techniques for which triggers have been registered.

Coverage Settings

Coverage settings are available in the detailed information view window for a technique. If the coverage level is changed for a sub-technique, the parent technique can also be updated by using the Update parent technique option:

Changing the coverage level of a technique