Detection Matrix
Description
The MITRE ATT&CK Detection Matrix is a tool that helps track relevant cybersecurity events and assess the effectiveness of protective measures. It allows you to:
- Visualize threat activity in the infrastructure, broken down by MITRE ATT&CK tactics and techniques
- Track the dynamics of events over time
- Facilitate the prioritization of tasks to address gaps in protection
- Assess the effectiveness of implemented protective measures and identify those that require improvement
Usage
To start using the detection matrix, select the Detection Matrix item in the Main Menu under the MITRE ATT&CK section. The matrix interface looks similar to the Priority Matrix.
Functional Features
- Layers - select the layer in which priority settings are configured. Layers are pre-created through the Layer Editor
- Tactics - select the list of tactics for which settings are required
- Data Sources - select the list of data sources that characterize the area of potential threat occurrence
- Techniques - select the list of necessary techniques for priority settings
- Show with detect only - display only techniques for which correlation rules have triggered
Filtering
Techniques in the matrix are filtered in the same way as in the Priority Matrix. The Show with detect only option restricts the view to techniques for which correlation rule triggers have been registered, so untriggered cells of the layer are hidden.
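The aggregation behind such a matrix, as an added illustration that is not part of the product documentation or the product's own code: correlation-rule triggers are counted per tactic and technique over a coverage layer, the per-day counts give the dynamics over time, and a "detect only" filter drops zero-trigger cells. The trigger records, rule names, tactic/technique pairs and the layer contents are constructed sample data, and the field layout is an assumption.

```python
"""Build an ATT&CK-style detection matrix from correlation-rule triggers.

Added example, not code from the documented product. The records below are
constructed sample data; field names and technique/tactic pairs are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample triggers: (timestamp, rule name, tactic, technique id).
SAMPLE_TRIGGERS = [
    ("2024-05-01T08:12:00", "rule_suspicious_powershell", "Execution", "T1059.001"),
    ("2024-05-01T09:40:00", "rule_suspicious_powershell", "Execution", "T1059.001"),
    ("2024-05-02T11:05:00", "rule_new_scheduled_task", "Persistence", "T1053.005"),
    ("2024-05-02T13:30:00", "rule_lsass_access", "Credential Access", "T1003.001"),
    ("2024-05-03T07:55:00", "rule_suspicious_powershell", "Execution", "T1059.001"),
]

# Constructed coverage layer: techniques the team has rules for, grouped by
# tactic. Techniques listed here but never triggered become zero cells, which
# is exactly what a "show with detect only" filter hides.
COVERAGE_LAYER = {
    "Execution": ["T1059.001", "T1204.002"],
    "Persistence": ["T1053.005", "T1547.001"],
    "Credential Access": ["T1003.001"],
    "Lateral Movement": ["T1021.001"],
}


def build_matrix(triggers, layer):
    """Return {tactic: {technique: trigger_count}} for every cell of the layer."""
    counts = Counter((tactic, tech) for _, _, tactic, tech in triggers)
    matrix = {}
    for tactic, techniques in layer.items():
        matrix[tactic] = {tech: counts.get((tactic, tech), 0) for tech in techniques}
    return matrix


def filter_detect_only(matrix):
    """Keep only techniques with at least one trigger; drop tactics left empty."""
    filtered = {}
    for tactic, techniques in matrix.items():
        hits = {tech: n for tech, n in techniques.items() if n > 0}
        if hits:
            filtered[tactic] = hits
    return filtered


def daily_dynamics(triggers, technique):
    """Return {date: trigger_count} for one technique, sorted by day."""
    per_day = defaultdict(int)
    for ts, _, _, tech in triggers:
        if tech == technique:
            per_day[datetime.fromisoformat(ts).date()] += 1
    return dict(sorted(per_day.items()))


def coverage_gaps(matrix):
    """List (tactic, technique) cells with zero triggers: candidates for rule validation."""
    return [(tactic, tech)
            for tactic, techs in matrix.items()
            for tech, n in techs.items() if n == 0]


if __name__ == "__main__":
    full = build_matrix(SAMPLE_TRIGGERS, COVERAGE_LAYER)
    for tactic, techs in full.items():
        print(f"{tactic:18} " + "  ".join(f"{t}={n}" for t, n in techs.items()))
    print("detect only:", filter_detect_only(full))
    print("T1059.001 per day:", daily_dynamics(SAMPLE_TRIGGERS, "T1059.001"))
    print("zero-trigger cells:", coverage_gaps(full))
```

The zero-trigger cells are the interesting output for a defender: a technique that is in the layer but never triggers is either not occurring in the environment or the rule for it is not firing, and telling those two cases apart is the gap-prioritization work the matrix is meant to support.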
Priority Settings
Priority settings in the matrix are configured in the same way as in the Priority Matrix.