MITRE ATTACK Adviser

Overview

The MITRE ATT&CK™ Adviser application is a tool that enables security teams to understand alerts and log sources in their Devo domain, all in the context of the MITRE ATT&CK™ framework. For alert coverage, the application reads all of the Security Operations' out-of-the-box alerts, custom alerts, and installed alerts, mapping them to the ATT&CK matrix. It also color codes how well-covered each tactic and technique is. The application detects log sources currently being ingested and maps them to the ATT&CK matrix to evaluate data ingestion coverage.

How can I get this application?

The application is available via the Devo Exchange for all Devo customers.

Accessing the application

  1. Select Application → MITRE ATTACK Adviser in the navigation pane. The application main screen is then shown.

  2. From there you can view the MITRE ATT&CK matrix either by Alert coverage, Alert heatmap, or Log source coverage. Read more about each tab below.

Using the application
