Define the mitigation coverage

  • Release version: Xanadu
  • Updated August 1, 2024

  Define the mitigation coverage for each mitigation that is associated with a technique so that you gain visibility into how well your organization can prevent attacks that use that technique.

    Before you begin

    • Role required: sn_ti.admin, sn_si.admin: create, write, delete access
    • Role required: sn_ti.read: read access

    About this task

    The mitigation coverage definitions are used in the overall mitigation and technique coverage mapping. You can use the base system mitigation coverage, which consists of the coverage types None, Poor, Fair, Good, Very Good, and Excellent, each associated with predefined colors and coverage percentages. You can customize the coverage types (add or remove coverage types), the lower and higher limits of the coverage percentages, and the colors, or create your own mitigation coverage.

    The customizations that you make to the coverage types, colors, or percentages are used in the mitigation coverage mapping and also in the heat map.

    Procedure

    1. Navigate to All > Threat Intelligence > MITRE ATT&CK Administration > Mitigation Coverage Definition.
    2. Review the mitigation detection entries and customize the entries for your environment.
      Table 1. Technique Mitigation Coverage Definition
      Field: Description
      • Overall Technique Mitigation Coverage: Name of the technique mitigation coverage. The base system mitigation coverage consists of None, Poor, Fair, Good, Very Good, or Excellent.
      • Coverage Percentage Lower Limit: The lower percentage limit of the mitigation coverage. Enter a numerical value from 0 through 100.
      • Coverage Percentage Higher Limit: The higher percentage limit of the mitigation coverage. Enter a numerical value from 0 through 100.
      • Coverage Color: Color that is assigned to the detection coverage score. The color that you define is used for the technique mitigation coverage in the heat map. You can customize the colors using HEX codes and RGB(A) values.
      • Description: Overall mitigation detection coverage. See the base system definition in the technique mitigation coverage definition.
      Note:
      If you customize the percentage limits (lower or higher), ensure that the coverage percentage ranges do not overlap. For example, if a coverage record has the range 0 to 20, then the next consecutive record must have a lower limit of 21 or higher.

      [Illustration: the technique mitigation coverage definition list.]
    3. To add an entry, click New, complete the entries, and click Submit.
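
The Note in step 2 forbids overlapping percentage ranges. The following check is an added example, not ServiceNow code: it validates a set of coverage records before you enter them. The field names (name, lower, higher, color), the accepted color formats, and all sample percentages and colors are assumptions constructed for illustration.

```javascript
// Added example: validates constructed coverage definitions; not ServiceNow code.
// Field names (name, lower, higher, color) are assumptions for this sketch.
const COLOR_RE = /^(#([0-9a-f]{3}|[0-9a-f]{6})|rgba?\(\s*\d{1,3}(\s*,\s*\d{1,3}){2}(\s*,\s*\d*\.?\d+)?\s*\))$/i;

function validateCoverage(defs) {
  const errors = [];
  for (const d of defs) {
    for (const k of ['lower', 'higher']) {
      if (!Number.isInteger(d[k]) || d[k] < 0 || d[k] > 100) {
        errors.push(`${d.name}: ${k} limit must be a whole number from 0 through 100`);
      }
    }
    if (d.lower > d.higher) errors.push(`${d.name}: lower limit exceeds higher limit`);
    if (!COLOR_RE.test(d.color)) errors.push(`${d.name}: color is not a HEX code or RGB(A) value`);
  }
  // Compare each record with its neighbor once the records are ordered by lower limit.
  const sorted = [...defs].sort((a, b) => a.lower - b.lower);
  for (let i = 1; i < sorted.length; i++) {
    const prev = sorted[i - 1], cur = sorted[i];
    if (cur.lower <= prev.higher) {
      errors.push(`${prev.name} (${prev.lower}-${prev.higher}) overlaps ${cur.name} (${cur.lower}-${cur.higher})`);
    } else if (cur.lower > prev.higher + 1) {
      errors.push(`no coverage type for ${prev.higher + 1}-${cur.lower - 1}`);
    }
  }
  return errors;
}

// Returns the coverage name for a percentage, or null if unmapped or ambiguous.
function coverageFor(defs, pct) {
  const hits = defs.filter(d => pct >= d.lower && pct <= d.higher);
  return hits.length === 1 ? hits[0].name : null;
}

// Constructed sample records; the percentages and colors are illustrative only.
const good = [
  { name: 'None', lower: 0, higher: 0, color: '#9e9e9e' },
  { name: 'Poor', lower: 1, higher: 20, color: '#d32f2f' },
  { name: 'Fair', lower: 21, higher: 40, color: 'rgb(245, 124, 0)' },
  { name: 'Good', lower: 41, higher: 60, color: '#fbc02d' },
  { name: 'Very Good', lower: 61, higher: 80, color: 'rgba(124, 179, 66, 0.9)' },
  { name: 'Excellent', lower: 81, higher: 100, color: '#388e3c' },
];
// Same set with "Fair" edited to start at 20, which collides with "Poor".
const bad = good.map(d => (d.name === 'Fair' ? { ...d, lower: 20 } : d));

console.log(validateCoverage(good), validateCoverage(bad));
```

With an overlap in place, a score of 20 matches two records, so its coverage type and heat map color are ambiguous. The check also reports gaps, where a score would match no record at all.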