MITRE ATT&CK · Enterprise
Detection coverage map
Heatmap by number of rules mapping to each technique. Pulsing cells were observed in the active incident.
Legend: none, low, med, high
Initial Access
Spearphish Link
3 rules
Spearphish Attach
2 rules
Valid Accounts
3 rules
Drive-by
1 rule
Supply Chain
1 rule
Execution
PowerShell
3 rules
WMI
2 rules
Scheduled Task
2 rules
User Execution
3 rules
Persistence
Cloud Accounts
3 rules
Registry Run Keys
2 rules
Services
2 rules
SSH Keys
1 rule
Privilege Escalation
Token Impersonation
1 rule
Sudo / SUID
2 rules
Bypass UAC
3 rules
Defense Evasion
Disable Tools
2 rules
Indicator Removal
1 rule
Obfuscated Files
3 rules
Credential Access
Password Spray
3 rules
Brute Force
3 rules
Credential Dump
2 rules
Kerberoasting
2 rules
Discovery
Account Discovery
1 rule
Network Share
2 rules
Process Discovery
2 rules
Lateral Movement
RDP
3 rules
SMB
2 rules
WinRM
2 rules
SSH
3 rules
Collection
Email Collection
2 rules
Clipboard
0 rules
Command & Control
Web Protocols
3 rules
Encrypted Channel
2 rules
DNS Tunneling
1 rule
Exfiltration
Cloud Storage
2 rules
Web Service
1 rule
Impact
Data Encrypted
3 rules
Service Stop
2 rules
Defacement
1 rule