| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Overview
About the tenant selector
The MITRE ATT&CK Adviser application is a multitenant enabled part of the Devo platform that enables visibility for multitenant Devo customers. The Tenant dropdown menu provided in the top bar of the application allows you to select between all domains or just a single domain that is managed by the parent domain the application is present in.
The Tenant dropdown is only present if the application is deployed into a parent domain and it impacts the view that is present on each part of the application, Alert coverage, Alert heatmap, and Log source coverage screens.
...
About coverage
If all tenants are selected as part of the dropdown then it will show based on all the child tenants where there is coverage. However, if there is partial log source coverage across all of the domains, a warning symbol will appear on the tile to warn you that only some of the domains have the log source ingesting for the specific technique. You can hover over the warning symbol to learn which domains do not have coverage for the given technique.
If specific log sources are not being ingested into the domain for alerts that have been installed then there is a warning icon that is displayed on the technique tile to inform the user that there might be alert coverage, but not log source coverage.
The coverage value in the top right of each matrix adjusts based on the tenant selected so you know exactly the coverage within each domain.
...
Related articles:
| Child pages (Children Display) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...