
Overview

The MITRE ATT&CK™ Adviser application is a tool that enables security teams to understand the alerts and log sources in their Devo domain in the context of the MITRE ATT&CK™ framework. For alert coverage, the application reads all of the Security Operations out-of-the-box alerts, custom alerts, and installed alerts, and maps them to the ATT&CK matrix. It also color-codes how well each tactic and technique is covered. To evaluate data ingestion coverage, the application detects the log sources currently being ingested and maps them to the ATT&CK matrix.

How can I get this application?

The application is available via the Devo Exchange for all Devo customers.

Accessing the application

  1. Select Application → MITRE ATTACK Adviser in the navigation pane. The application main screen is then shown.

  2. From there you can view the MITRE ATT&CK matrix by Alert coverage, Alert heatmap, or Log source coverage. Read more about each tab below.

Using the application
