Coverage Matrix
Description
The Coverage Matrix for MITRE ATT&CK is used to assess how well the current security system covers relevant techniques and tactics. The Coverage Matrix can be used for the following purposes:
- Evaluating the current security level of the organization
- Identifying security gaps
- Developing recommendations for improving security
Usage
To start using the coverage matrix, select the Coverage Matrix
item in the Main Menu under the MITRE ATT&CK section. The matrix interface looks similar Priority Matrix.
## Functional Features
- Layers - select the layer in which priority settings are configured. Layers are pre-created through the layer editor
- Tactics - select the list of tactics for which settings are required
- Data Sources - select the list of data sources that characterize the area of potential threat occurrence
- Techniques - select the list of necessary techniques for priority settings
- Show with priority only - display only those techniques for which a priority is set in the Priority Matrix
- Show jobs count - display the number of rules covering a given technique
Filtering
Filtering of techniques in the matrix is done similarly to the Priority Matrix. The Show with priority only
option allows displaying only those techniques for which triggers have been registered.
Coverage Settings
Coverage settings are available in the detailed information view window for a technique. If the coverage level is changed for a sub-technique, there is an option to update the parent technique using the Update parent technique
option: