☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

FAQ — Adversary Software Coverage

adversary software coverage mitre att&ck

Frequently Asked Questions ⫘

How is XDR Adversary Software Coverage calculated? ⫘

MITRE ATT&CK maintains a mapping of the techniques used by malicious software. When software is selected, Secureworks® Taegis™ XDR’s Adversary Software Coverage loads the countermeasure coverage and calculates the total techniques covered divided by the total techniques used by the software.

Where is the list of software populated from? ⫘

The Software List used comes directly from the MITRE ATT&CK Software list at https://attack.mitre.org/software/.

What is the difference between the terms coverage, countermeasures and techniques? ⫘

Coverage represents the total techniques used by the software covered by one or more XDR countermeasures. Countermeasures, in this context, are behaviors observed by XDR that are captured by a detector, watchlist, and/or ruleset. Techniques are how an adversary achieves a tactical objective by performing a task.

Why are there techniques not used by the specified software? ⫘

Techniques not used are represented as Not applicable and grayed out in the XDR’s Adversary Software Coverage display. Coverage is only displayed for the techniques actually used by the software.

On this page:

Frequently Asked Questions
How is XDR Adversary Software Coverage calculated?
Where is the list of software populated from?
What is the difference between the terms coverage, countermeasures and techniques?
Why are there techniques not used by the specified software?