MITRE & Detection Armory

You can use the platform to set threat priorities and track your detection engineering progress over time.

Last updated 1 year ago


Set Threat Priorities

  • Navigate to the left navigation panel -> Maturity Score -> Threat Priorities

Threat Priorities have been pre-configured in the Lab; feel free to modify them to see how they change your maturity score.

Inputs

  • Platforms - the platforms you want to scope for technique detection

  • Threat Groups - the relevant threat groups you may want to track that target your industry or business

Outputs

  • Techniques - the MITRE ATT&CK techniques that are prioritized for detection based on the two inputs above

  • Data Categories - the relevant data sources you will need to add to Snowflake to detect those techniques

Maturity Score

Keep track of all the detections you are deploying and how they improve your Maturity Score.

Maturity Score History

View a history of all of your activity to date here. Maturity Score History gives you an easy way to track your progress and how you have improved your detection coverage over time.

Goal - try to improve your maturity score by 10 points in the Lab by deploying recommended detections from the homepage.

Detection Score

Navigate to the Detection section to see a MITRE Heatmap of your deployed detections.

Want to improve your score?

  • Click on the Donut chart and select uncovered techniques

  • Flip the recommendations switch to ON

Detection Armory

The Anvilogic Detection Armory has thousands of out-of-the-box use cases you can deploy to your environment to immediately begin detecting suspicious activity aligned to those techniques.

  • Select Threat Identifiers (select "see more" to view the fields you can filter by)

    • Filter by Rule Format -> Snowflake

Navigate to the left navigation panel -> Maturity Score

Any technique marked with a blue star icon has a recommendation in the Armory that covers one of your gaps.