Version: 5.0

Detection Matrix

Description

The MITRE ATT&CK Detection Matrix is a tool that helps track relevant cybersecurity events and assess the effectiveness of protective measures. It allows you to:

  • Visualize threat activity in the infrastructure, broken down by MITRE ATT&CK tactics and techniques
  • Track the dynamics of events over time
  • Facilitate the prioritization of tasks to address gaps in protection
  • Assess the effectiveness of implemented protective measures and identify those that require improvement

Usage

To start using the detection matrix, select the Detection Matrix item in the Main Menu under the MITRE ATT&CK section. The matrix interface looks similar to the Priority Matrix.

Functional Features

  • Layers - select the layer in which priority settings are configured. Layers are pre-created through the Layer Editor
  • Tactics - select the list of tactics for which settings are required
  • Data Sources - select the list of data sources that characterize the area of potential threat occurrence
  • Techniques - select the list of necessary techniques for priority settings
  • Show with detect only - display only techniques for which correlation rule triggers have been registered

Filtering

Techniques in the matrix are filtered in the same way as in the Priority Matrix. The Show with detect only option displays only those techniques for which correlation rule triggers have been registered.
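As an added example (not the product's own code), the following Python sketch reproduces what the matrix described above computes from correlation rule triggers: per-technique counts for a chosen layer with optional tactic and data source filters, the Show with detect only view, the techniques left without any detection (the protection gaps to prioritize), and the per-day dynamics for one technique. The trigger records, rule names and layer contents are constructed for illustration; only the ATT&CK tactic and technique IDs are the public ones.

```python
from collections import Counter

# Constructed sample of correlation rule triggers (not real data). Each record
# carries the ATT&CK tactic/technique and the data source the rule was mapped to.
TRIGGERS = [
    {"rule": "Encoded PowerShell", "tactic": "TA0002", "technique": "T1059",
     "source": "Windows Event Log", "date": "2024-05-01"},
    {"rule": "Encoded PowerShell", "tactic": "TA0002", "technique": "T1059",
     "source": "Windows Event Log", "date": "2024-05-01"},
    {"rule": "Script host spawn", "tactic": "TA0002", "technique": "T1059",
     "source": "Sysmon", "date": "2024-05-02"},
    {"rule": "Suspicious attachment", "tactic": "TA0001", "technique": "T1566",
     "source": "Mail gateway", "date": "2024-05-01"},
    {"rule": "LSASS access", "tactic": "TA0006", "technique": "T1003",
     "source": "Sysmon", "date": "2024-05-03"},
    {"rule": "Logon from new host", "tactic": "TA0001", "technique": "T1078",
     "source": "Windows Event Log", "date": "2024-05-03"},
]

# Hypothetical layer: the techniques the analyst chose to track in the matrix.
LAYER = {"T1003", "T1021", "T1059", "T1566"}


def build_matrix(triggers, layer, tactics=None, sources=None):
    """Return {technique: trigger count} for every technique in the layer.
    Tactic and data source filters narrow the triggers counted; techniques
    without triggers stay in the result with a count of 0."""
    counts = Counter()
    for t in triggers:
        if t["technique"] not in layer:
            continue
        if tactics and t["tactic"] not in tactics:
            continue
        if sources and t["source"] not in sources:
            continue
        counts[t["technique"]] += 1
    return {tech: counts.get(tech, 0) for tech in sorted(layer)}


def show_with_detect_only(matrix):
    """The 'Show with detect only' view: techniques with at least one trigger."""
    return {tech: n for tech, n in matrix.items() if n > 0}


def coverage_gaps(matrix):
    """Techniques in the layer that no correlation rule has fired for."""
    return sorted(tech for tech, n in matrix.items() if n == 0)


def dynamics(triggers, technique):
    """Trigger count per day for one technique, oldest day first."""
    per_day = Counter(t["date"] for t in triggers if t["technique"] == technique)
    return dict(sorted(per_day.items()))
```

A gap in `coverage_gaps` means either no rule covers the technique or the rule exists but never fired; both cases merit a look before the technique is marked as protected.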

Priority Settings

Priority settings in the matrix are done similarly to the Priority Matrix.