Detection coverage metrics¶
Mapping to MITRE ATT&CK¶
Objective: Measure % of ATT&CK techniques covered by detections.
Metric |
Calculation |
Target |
|---|---|---|
Technique Coverage |
(Detected Techniques / Total Relevant Techniques) * 100 |
≥80% |
Subtechnique Coverage |
(Detected Subtechniques / Total Relevant Subtechniques) * 100 |
≥70% |
Tactic Coverage |
(Covered Tactics / Total Tactics) * 100 |
100% |
Tools¶
Attack Navigator Heatmaps example
{"techniques": [{"techniqueID": "T1059.003", "color": "#ff6666", "comment": "Detected by Sigma rule #123"}]}
Automation: Panther or Anomali for ATT&CK alignment.
Last update:
2025-05-17 10:05