MITRE ATTACK Adviser

Overview

The MITRE ATT&CK(™) Adviser application is a tool that enables security teams to understand alerts and log sources in their Devo domain, all in the context of the MITRE ATT&CK(™) framework. For alert coverage, the application reads all of the Security Operations' out-of-the-box alerts, custom alerts, and installed alerts, mapping them to the ATT&CK matrix. It also color codes how well-covered each tactic and technique is. The application detects log sources currently being ingested and maps them to the ATT&CK matrix to evaluate data ingestion coverage.

How can I get this application?

The application is available via the Devo Exchange for all Devo customers.

Accessing the application

  1. Select Application → MITRE ATTACK Adviser in the navigation pane. The application main screen is then shown.

  2. From there you can view the MITRE ATT&CK matrix either by Alert coverage, Alert heatmap, or Log source coverage. Read more about each tab below.

Using the application

 
