MITRE & Detection Armory
You can easily use the platform to set threat priorities and track your detection engineering progress over time.
Navigate to the left navigation panel -> Maturity Score -> Threat Priorities
Threat Priorities have been pre-configured in Lab, feel free to modify them to see how it changes your maturity score.
| Inputs | Outputs |
|---|---|
| Platforms - the platforms you want to scope for technique detection | Techniques - the MITRE ATT&CK techniques that are prioritized for detection based on the two inputs |
| Threat Groups - the relevant threat groups you may want to track that target your industry or business | Data Categories - the relevant data sources you will need to add to Snowflake to detect those techniques |
Keep track of all the detections you are deploying and how they improve your Maturity Score.
View a history of all of your activity to date here. MS History gives you an easy way to track your progress and how you have improved your detection coverage over time.
Goal: try to improve your maturity score by 10 points in the lab by deploying recommended detections from the homepage.
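As an added illustration (not Anvilogic's code or its scoring formula), the following constructed Python model shows how the two Threat Priorities inputs yield prioritized techniques and required data categories, and how deployed detections translate into a coverage score and a list of uncovered techniques. The technique catalog, the group names and the coverage-as-percentage score are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Technique:
    tid: str
    platforms: frozenset
    data_categories: frozenset

# Constructed sample catalog: real ATT&CK technique IDs, but the platform and
# data-category sets are hand-typed approximations, not the ATT&CK dataset.
CATALOG = {
    "T1059": Technique("T1059", frozenset({"Windows", "Linux", "macOS"}),
                       frozenset({"Process Creation", "Command Execution"})),
    "T1003": Technique("T1003", frozenset({"Windows", "Linux", "macOS"}),
                       frozenset({"Process Access", "Command Execution"})),
    "T1021": Technique("T1021", frozenset({"Windows", "Linux", "macOS"}),
                       frozenset({"Logon Session", "Network Traffic"})),
    "T1566": Technique("T1566", frozenset({"Windows", "Linux", "macOS", "Office 365"}),
                       frozenset({"Email"})),
    "T1078.004": Technique("T1078.004", frozenset({"IaaS", "Office 365"}),
                           frozenset({"Logon Session", "User Account"})),
}
# Constructed group-to-technique mappings with placeholder group names.
GROUP_TTPS = {
    "GROUP-A": {"T1566", "T1059", "T1003"},
    "GROUP-B": {"T1078.004", "T1021"},
}

def prioritize(platforms, groups):
    """Inputs (platforms, threat groups) -> outputs (techniques, data categories).
    A technique is prioritized when a tracked group uses it AND it applies to
    at least one selected platform; its data categories are what you must onboard."""
    wanted = set().union(*(GROUP_TTPS.get(g, set()) for g in groups))
    techniques = {t for t in wanted if CATALOG[t].platforms & set(platforms)}
    categories = set().union(*(CATALOG[t].data_categories for t in techniques))
    return techniques, categories

def coverage(prioritized, deployed):
    """deployed maps a detection name to the technique IDs it covers.
    Returns (score_percent, uncovered); score = covered / prioritized (assumed formula)."""
    covered = prioritized & set().union(*deployed.values())
    score = round(100 * len(covered) / len(prioritized), 1) if prioritized else 0.0
    return score, prioritized - covered

if __name__ == "__main__":
    techs, cats = prioritize({"Windows", "Linux"}, {"GROUP-A", "GROUP-B"})
    score, gaps = coverage(techs, {"encoded_powershell": {"T1059"},
                                   "lsass_access": {"T1003"}})
    print(sorted(techs), sorted(cats), score, sorted(gaps))
```

Deploying a detection for one of the returned gaps and re-running `coverage` shows the score moving, which is the same loop the lab asks you to drive through the homepage recommendations.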
Navigate to the Detection section to see a MITRE Heatmap of your deployed detections.
Want to improve your score?
Click on the Donut chart and select uncovered techniques
Flip the recommendations switch to ON
The Anvilogic detection armory has thousands of out of the box use cases you can deploy to your environment to immediately begin detecting suspicious activity aligned to those techniques.
Select Threat Identifiers (select "See more" on fields to filter by)
Filter by Rule Format -> Snowflake
Navigate to left navigation panel -> Maturity Score
Any technique marked with a blue star icon has a recommendation in our armory to cover one of your gaps.