MITRE Attack coverage based on detection rules
Everyone in Information Security knows about the MITRE ATT&CK® framework. From the website: "[...] is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community."

This is a short blog post, a bookmark for the related GitHub repository attack-coverage: but what is the project about?

Working as DFIR consultants for different customers, we have to manage different levels of maturity, technologies and processes, all related to safeguarding customers' infrastructures. Think about the CSOCs, some outsourced and some not: from a reactive point of view, they are called into action when something is triggered, most of the time automatically by some tool. Who defines those triggers? Which scenarios are covered by t
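To make the "which scenarios are covered" question concrete, here is an added example (not code from the attack-coverage repository) that derives ATT&CK coverage from a set of detection rules and emits an ATT&CK Navigator layer. It assumes rules carry Sigma-style `attack.tXXXX` tags and a `status` field; the rules themselves and the Navigator version numbers are constructed for the example.

```python
import json
import re
from collections import defaultdict

# Constructed sample rules (Sigma-style tags; titles and statuses invented).
RULES = [
    {"title": "PowerShell encoded command", "status": "stable",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Suspicious scheduled task creation", "status": "experimental",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "LSASS memory access", "status": "stable",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "PowerShell download cradle", "status": "stable",
     "tags": ["attack.execution", "attack.t1059.001",
              "attack.command_and_control", "attack.t1105"]},
]

# Technique tags look like attack.t1059 or attack.t1059.001; tactic tags are skipped.
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

def technique_ids(rule):
    """Return the upper-cased ATT&CK technique IDs referenced by a rule's tags."""
    return [m.group(1).upper() for t in rule.get("tags", [])
            if (m := TECHNIQUE_TAG.match(t))]

def coverage(rules, statuses=None):
    """Map technique ID -> titles of rules covering it.
    Passing statuses={"stable"} excludes experimental rules, which otherwise
    inflate the apparent coverage."""
    cov = defaultdict(list)
    for rule in rules:
        if statuses and rule.get("status") not in statuses:
            continue
        for tid in technique_ids(rule):
            cov[tid].append(rule["title"])
    return dict(cov)

def navigator_layer(cov, name="Detection coverage"):
    """Build an ATT&CK Navigator layer; score = number of rules per technique."""
    techniques = [{"techniqueID": tid, "score": len(titles), "comment": "; ".join(titles)}
                  for tid, titles in sorted(cov.items())]
    return {"name": name,
            "versions": {"layer": "4.5", "navigator": "4.9.1"},  # assumption: layer format version
            "domain": "enterprise-attack",
            "techniques": techniques,
            "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0,
                         "maxValue": max((t["score"] for t in techniques), default=1)}}

def uncovered(cov, expected):
    """Techniques the team expects to detect but no rule references: the gap list."""
    return sorted(set(expected) - set(cov))

if __name__ == "__main__":
    cov = coverage(RULES)
    print(json.dumps(navigator_layer(cov), indent=2))
    print("gaps:", uncovered(cov, ["T1059.001", "T1003.001", "T1021.001"]))
```

Load the resulting JSON into the ATT&CK Navigator to see the coverage heat map; rerun with `statuses={"stable"}` to see how much of it rests on experimental rules.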