🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Adversary Software Coverage

adversary software coverage mitre att&ck


Taegis™ XDR’s Adversary Software Coverage enables you to view the coverage provided by Secureworks® Taegis™ XDR detector and event filter rules as mapped to the MITRE ATT&CK® framework. The coverage displays as countermeasures. You can use Adversary Software Coverage to learn how Secureworks® Taegis™ XDR covers you from general threats, such as ransomware, or from something more specific such as the SUNBURST trojanized DLL.

Taegis™ XDR Adversary Software Coverage

Taegis™ XDR Adversary Software Coverage

How to Use Taegis™ XDR’s Adversary Software Coverage

To view Taegis™ XDR’s Adversary Software Coverage, navigate to https://docs.ctpx.secureworks.com/detect/. The default view displays no selections; you can choose from the list on the left-hand side. The MITRE ATT&CK framework provides a curated list of malicious software and the tactics and techniques associated with that software.

Select Software

Select from the software list on the left to explore how Taegis™ XDR protects you from adversaries.

Select Coverage

Select Coverage

The number to the right of the software indicates the available number of countermeasures Taegis™ XDR and iSensor currently have in place against it:

Available Countermeasures

Available Countermeasures

Filter

Use the filter option pull-down to narrow down the software list according to your use case. You can filter the list by type; the display automatically updates. The number to the right of the software type shows the available countermeasures Taegis™ XDR and iSensor have against that threat type.

Filter by Threat Type

Filter by Threat Type

When you select an item from the software list, the coverage grid highlights all relevant techniques with full green to indicate that it’s covered, or a red X to indicate that it is not covered. Techniques that aren’t relevant to the selected software’s attack profile are grayed out.

Covered Adversary indicates that a MITRE technique is used in the software, and is covered.

Covered Adversary indicates that a MITRE technique is used in the software, and is not covered.

Unused Adversary Technique indicates that a MITRE technique is not used in the software selected.

Tip

You can click on the squares in the grid to display information about that indicated technique and vulnerabilities that the MITRE ATT&CK Enterprise framework describes. MITRE Techniques

MITRE Techniques

 

On this page: