Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve ATT&CK Coverage #35

Open
ikiril01 opened this issue Sep 18, 2019 · 0 comments
Open

Improve ATT&CK Coverage #35

ikiril01 opened this issue Sep 18, 2019 · 0 comments
Assignees
@ikiril01

Comments

@ikiril01
Copy link
Collaborator

ikiril01 commented Sep 18, 2019
edited
Loading

Right now our ATT&CK Coverage is purely based on how well an analytic covers an entire Tactic/Technique pair. This is useful to get a general sense of how applicable an analytic is, but has its limitations:

  1. For analytics that may have multiple implementations, it doesn't say anything about the level of coverage of each implementation.
  2. Analytics may be brittle, in the sense that it's easy for an adversary to evade them. We should try to take this into account, either as a sub-component of coverage or as a separate section.
  3. With ATT&CK sub-techniques on the horizon, we'll want to think about re-architecting coverage around sub-techniques for better accuracy.
@ikiril01 ikiril01 self-assigned this Nov 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ikiril01 ikiril01

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ikiril01