Map your technique detection coverage to a technique

  • Release version: Yokohama
  • Updated January 30, 2025
  • Map your overall technique detection coverage to a technique to enable your organization to detect specific adversary techniques.

    Before you begin

    • Role required: sn_ti.admin, sn_si.admin: write access
    • Role required: sn_ti.read: read access

    About this task

    You can use the technique detection coverage to get an overview of your organization's overall technique detection coverage. For example, if an adversary is attacking your organization, you can see the kind of coverage that you have to detect the attacker's techniques.

    The technique and ID are automatically populated for all the collections and techniques that you have activated. The coverage type and scoring definition that you have defined are available as options that you can select in the overall technique detection coverage.

    You can map the overall technique detection coverage with the technique to complete the mapping. You can associate a technique with only one overall technique detection coverage.

    The technique detection coverage mapping that you define is used in the coverage visualization in the heatmap.

    Note:
    You can arrive at the overall technique detection coverage using your organization-specific calculations. You may use any Breach & Attack Simulation (BAS) products, the Cyber Analytics Repository (CAR), or any other methods as necessary to define the scoring definition, and use it in this procedure for the overall technique detection coverage mapping.

    Procedure

    1. Navigate to All > Threat Intelligence > MITRE ATT&CK Administration > Detection Coverage Mapping.

      In this illustration, you see that the Cloud Accounts (T1078.004) sub-technique has excellent coverage in the organization and that the Overall Technique Detection Coverage is mapped to Excellent.

      Detection coverage mapping.
    2. Review each technique and map your overall technique detection coverage based on your detection coverage definition and your organization's coverage availability.
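
The Note above leaves the calculation of the overall coverage to your organization. The following added example, which is not part of the product or its documentation, shows one way to derive a single coverage value per activated technique from Breach & Attack Simulation results before you enter it in step 2. The scoring thresholds, every label other than Excellent, the result format, and the sample data are assumptions.

```python
from collections import defaultdict

# Assumed scoring definition as (minimum detection rate, label), highest first.
# Only "Excellent" appears on this page; the other labels and every threshold
# are placeholders for your organization's own definition.
SCORING_DEFINITION = [(0.90, "Excellent"), (0.60, "Good"),
                      (0.30, "Partial"), (0.00, "Minimal")]
NOT_ASSESSED = "Not assessed"  # assumed label for techniques with no test data

# Techniques activated in the instance (constructed sample list).
ACTIVATED = ["T1078.004", "T1059.001", "T1566.001", "T1003.001"]

# Constructed BAS export: (technique ID, simulation name, alert raised?).
SAMPLE_BAS_RESULTS = [
    ("T1078.004", "sim-01", True), ("T1078.004", "sim-02", True),
    ("T1078.004", "sim-03", True), ("t1078.004 ", "sim-04", True),
    ("T1059.001", "sim-05", True), ("T1059.001", "sim-06", False),
    ("T1059.001", "sim-07", True),
    ("T1566.001", "sim-08", False), ("T1566.001", "sim-09", False),
    ("T1110.003", "sim-10", True),  # not activated, so reported separately
]

def score_label(rate):
    """Return the first label whose minimum rate is met."""
    for minimum, label in SCORING_DEFINITION:
        if rate >= minimum:
            return label
    raise ValueError(f"rate out of range: {rate}")

def overall_coverage(results, activated):
    """Return ({technique: (label, detected, total)}, unmapped technique IDs)."""
    tally = defaultdict(lambda: [0, 0])  # technique -> [detected, total]
    for technique_id, _simulation, detected in results:
        key = technique_id.strip().upper()  # normalise IDs from the export
        tally[key][0] += int(detected)
        tally[key][1] += 1
    coverage = {}
    for technique in activated:  # exactly one coverage value per technique
        detected, total = tally.get(technique, (0, 0))
        label = score_label(detected / total) if total else NOT_ASSESSED
        coverage[technique] = (label, detected, total)
    unmapped = sorted(set(tally) - set(activated))
    return coverage, unmapped

if __name__ == "__main__":
    mapping, unmapped = overall_coverage(SAMPLE_BAS_RESULTS, ACTIVATED)
    for technique, (label, detected, total) in mapping.items():
        print(f"{technique}: {label} ({detected}/{total} simulations detected)")
    print("Results for techniques that are not activated:", unmapped)
```

A technique with no simulation results is reported as not assessed rather than scored at zero, so untested techniques are not confused with tested techniques that went undetected.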