[UX Copy] Security Mitre Attack detection coverage page. #3495
Labels
Effort: Medium
Issues that take moderate but not substantial time to complete
Feature: Rules
Priority: Medium
Issues that have relevance, but aren't urgent
Team: Detections/Response
Detections and Response
ui-copy
v8.10.0
Summary
When users start using Security Solution and detection rules, they want to understand and keep track of the coverage the Solution can provide. Currently we provide them with Rules in a table that can be sorted and filtered, but there is no overview that can give an understanding about coverage at a glance.
Different teams worked around this problem by building their custom tools as referenced in the Related Epics.
The popular way to represent coverage is using the MITRE ATT&CK(TM) framework. It is a knowledge base of adversary tactics and techniques based on real-world observations. Currently it consists of 14 Tactics, 191 Techniques and 385 Sub-techniques. It is used by different teams and tools as a common reference.
Tactics represent an adversary's tactical goal (e.g. Credential Access), and in general can be viewed as attack progression stages. Techniques represent how the attacker is achieving their goal.
We map our pre-built protections to ATT&CK tactics/techniques/sub-techniques where applicable. When creating custom rules, users can also map them to ATT&CK.
By coverage we usually understand the availability and number of detections for a given tactic/technique.
Request
We would like to review the UX copy in the UI. We have a quick description of the page under the page title and a reference to the docs page. This docs page would need to be created.
Additional information
Related Epic
Design
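The coverage definition in the Summary (availability and number of detections for a given tactic/technique), worked through as an added example that is not part of the original issue or the project's code. The rule layout, rule ids and the `coverage`/`gaps` helpers are assumptions made for illustration; the sample rules are constructed.

```python
from collections import defaultdict

# Constructed sample rules. The "threat" layout (tactic -> technique ->
# subtechnique) is an assumed shape for illustration, not taken from the issue.
RULES = [
    {"id": "r1", "enabled": True, "threat": [
        {"tactic": "TA0006", "technique": [
            {"id": "T1003", "subtechnique": [{"id": "T1003.001"}]}]}]},
    {"id": "r2", "enabled": False, "threat": [
        {"tactic": "TA0006", "technique": [{"id": "T1003"}, {"id": "T1555"}]}]},
    {"id": "r3", "enabled": True, "threat": [
        {"tactic": "TA0006", "technique": [{"id": "T1110"}]},
        {"tactic": "TA0006", "technique": [{"id": "T1110"}]},  # duplicate mapping
        {"tactic": "TA0002", "technique": []}]},               # tactic-only mapping
    {"id": "r4", "enabled": True, "threat": []},               # unmapped rule
]

def coverage(rules):
    """Count distinct rules per cell, keyed 'tactic[/technique[/subtechnique]]'."""
    seen = defaultdict(lambda: {"enabled": set(), "total": set()})
    for rule in rules:
        for entry in rule.get("threat", []):
            keys = [entry["tactic"]]
            for tech in entry.get("technique", []):
                keys.append(f'{entry["tactic"]}/{tech["id"]}')
                # A sub-technique mapping also counts toward its parent technique.
                for sub in tech.get("subtechnique", []):
                    keys.append(f'{entry["tactic"]}/{tech["id"]}/{sub["id"]}')
            for key in keys:
                # Sets keep a rule from being counted twice for the same cell.
                seen[key]["total"].add(rule["id"])
                if rule["enabled"]:
                    seen[key]["enabled"].add(rule["id"])
    return {k: {"enabled": len(v["enabled"]), "total": len(v["total"])}
            for k, v in seen.items()}

def gaps(cov):
    """Cells with rules mapped but none enabled: detections exist but are not active."""
    return sorted(k for k, v in cov.items() if v["total"] and not v["enabled"])

if __name__ == "__main__":
    cov = coverage(RULES)
    for cell in sorted(cov):
        print(f'{cell:28} enabled={cov[cell]["enabled"]} total={cov[cell]["total"]}')
    print("mapped but inactive:", gaps(cov))
```

Counting enabled and total rules separately is what lets an overview distinguish a technique with no detections from one whose detections are installed but switched off.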