Version: 5.0

Detection Matrix

Description

The MITRE ATT&CK Detection Matrix is a tool that helps track relevant cybersecurity events and assess the effectiveness of protective measures. It allows you to:

Visualize threat activity in the infrastructure, broken down by MITRE ATT&CK tactics and techniques
Track the dynamics of events over time
Facilitate the prioritization of tasks to address gaps in protection
Assess the effectiveness of implemented protective measures and identify those that require improvement

Usage

To start using the detection matrix, select the Detection Matrix item in the Main Menu under the MITRE ATT&CK section. The matrix interface looks similar to the Priority Matrix.

Functional Features

Layers - select the layer in which priority settings are configured. Layers are pre-created through the Layer Editor
Tactics - select the list of tactics for which settings are required
Data Sources - select the list of data sources that characterize the area of potential threat occurrence
Techniques - select the list of necessary techniques for priority settings
Show with detect only - display techniques for which there have been triggerings of correlation rules

Filtering

Filtering of techniques in the matrix is done similarly to the Priority Matrix. The Show with detect only option allows displaying only those techniques for which triggers have been registered.

Priority Settings

Priority settings in the matrix are done similarly to the Priority Matrix.

Description​

Usage​

Functional Features​

Filtering​

Priority Settings​

Description

Usage

Functional Features

Filtering

Priority Settings