ATT&CK Coverage | David Godwin-Pratt

MITRE ATT&CK Detection Coverage

79

Total Rules

50

Techniques Covered

7.2%

of ATT&CK (691)

12

Tactics Covered

sigma 20

yara 20

kql 20

ioc-hunt 19

Coverage:

None

1 rule

2-3

4-6

7+

Reconnaissance 0

No coverage

Resource Development 0

No coverage

Initial Access 10

T1059 T1078 T1098 T1105 T1127 T1133 T1195 T1195.002 T1546 T1557

Execution 20

T1003 T1021.004 T1027 T1059 T1059.001 T1059.003 T1069.001 T1069.002 T1072 T1087.001 T1087.002 T1140 T1195 T1203 T1219 T1482 T1543 T1546 T1569 T1570

Persistence 17

T1059 T1078 T1098 T1105 T1110 T1127 T1133 T1195 T1543 T1546 T1546.001 T1547 T1548 T1548.002 T1554 T1556 T1574.001

Privilege Escalation 12

T1059 T1078 T1098 T1195 T1543 T1546 T1546.001 T1547 T1548 T1548.002 T1554 T1574.001

Defense Evasion 23

T1027 T1036 T1036.005 T1059 T1078 T1098 T1105 T1110 T1127 T1133 T1140 T1218 T1220 T1485 T1546.001 T1548 T1548.002 T1553.004 T1554 T1556 T1562.001 T1564 T1574.001

Credential Access 6

T1003 T1110 T1195.002 T1556 T1557 T1569

Discovery 8

T1018 T1059.001 T1069.001 T1069.002 T1083 T1087.001 T1087.002 T1482

Lateral Movement 6

T1021.004 T1059.003 T1072 T1105 T1219 T1570

Collection 2

T1195.002 T1557

Command and Control 11

T1008 T1021.004 T1059.003 T1071.001 T1105 T1127 T1133 T1218 T1219 T1568 T1570

Exfiltration 1

Impact 3

T1036 T1485 T1496

Coverage by Tactic

Defense Evasion

23 techniques

Execution

20 techniques

Persistence

17 techniques

Privilege Escalation

12 techniques

Command and Control

11 techniques

Initial Access

10 techniques

Discovery

8 techniques

Credential Access

6 techniques

Lateral Movement

6 techniques

Impact

3 techniques

Collection

2 techniques

Exfiltration

1 techniques

Subscribe: RSS Feed · JSON API