FAQ - Adversary Software Coverage
Frequently Asked Questions
How is XDR Adversary Software Coverage calculated?
- MITRE ATT&CK maintains a mapping of the techniques used by malicious software. When software is selected, Secureworks® Taegis™ XDR’s Adversary Software Coverage loads the countermeasure coverage and calculates coverage as the total number of techniques covered divided by the total number of techniques used by the software.
Where is the list of software populated from?
- The software list comes directly from the MITRE ATT&CK Software list at https://attack.mitre.org/software/.
What is the difference between the terms coverage, countermeasures and techniques?
- Coverage represents the total number of techniques used by the software that are covered by one or more XDR countermeasures. Countermeasures, in this context, are behaviors observed by XDR that are captured by a detector, watchlist, and/or ruleset. Techniques are how an adversary achieves a tactical objective by performing a task.
Why are there techniques not used by the specified software?
- Techniques not used are represented as "Not applicable" and grayed out in XDR’s Adversary Software Coverage display. Coverage is only displayed for the techniques actually used by the software.