sigma-rules/docs-dev/ATT&CK-coverage.md
2026-05-04 21:29:14 +05:30

Rule coverage

ATT&CK navigator layer files are generated when a package is built with `make release` or `python -m detection-rules`. This also means they can be downloaded from all successful builds.

These files can be passed to a custom navigator session. For convenience, the links are generated below. You can also open several layers in separate tabs of a single session, though uploading all of them is not advisable, as it will likely overload your browser's resources.

Current rule coverage

The source files for these links are regenerated with every successful merge to main. They represent the coverage provided by the rules as they currently stand in the main branch.

Full coverage: ATT&CK navigator coverage

Coverage by platform: navigator

Other navigator links by rule attributes
Elastic-detection-rules-indexes-
Elastic-detection-rules-indexes-auditbeat-WILDCARD
Elastic-detection-rules-indexes-endgame-WILDCARD
Elastic-detection-rules-indexes-filebeat-WILDCARD
Elastic-detection-rules-indexes-logs-apache
Elastic-detection-rules-indexes-logs-apache_tomcat
Elastic-detection-rules-indexes-logs-auditd_manager
Elastic-detection-rules-indexes-logs-aws
Elastic-detection-rules-indexes-logs-azure
Elastic-detection-rules-indexes-logs-cisco_ftd
Elastic-detection-rules-indexes-logs-cloud_defend
Elastic-detection-rules-indexes-logs-crowdstrike
Elastic-detection-rules-indexes-logs-cyberarkpas
Elastic-detection-rules-indexes-logs-endpoint
Elastic-detection-rules-indexes-logs-endpoint
Elastic-detection-rules-indexes-logs-endpointWILDCARD
Elastic-detection-rules-indexes-logs-fim
Elastic-detection-rules-indexes-logs-fortinet_fortigate
Elastic-detection-rules-indexes-logs-gcpWILDCARD
Elastic-detection-rules-indexes-logs-github
Elastic-detection-rules-indexes-logs-google_workspaceWILDCARD
Elastic-detection-rules-indexes-logs-iis
Elastic-detection-rules-indexes-logs-jamf_protectWILDCARD
Elastic-detection-rules-indexes-logs-kubernetes
Elastic-detection-rules-indexes-logs-m365_defender
Elastic-detection-rules-indexes-logs-network_traffic
Elastic-detection-rules-indexes-logs-nginx
Elastic-detection-rules-indexes-logs-o365
Elastic-detection-rules-indexes-logs-okta
Elastic-detection-rules-indexes-logs-oktaWILDCARD
Elastic-detection-rules-indexes-logs-panw
Elastic-detection-rules-indexes-logs-sentinel_one_cloud_funnel
Elastic-detection-rules-indexes-logs-sonicwall_firewall
Elastic-detection-rules-indexes-logs-suricata
Elastic-detection-rules-indexes-logs-system
Elastic-detection-rules-indexes-logs-traefik
Elastic-detection-rules-indexes-logs-windows
Elastic-detection-rules-indexes-ml_beaconing
Elastic-detection-rules-indexes-packetbeat-WILDCARD
Elastic-detection-rules-indexes-winlogbeat-WILDCARD
Elastic-detection-rules-tags-active-directory-monitoring
Elastic-detection-rules-tags-active-directory
Elastic-detection-rules-tags-amazon-cloudwatch
Elastic-detection-rules-tags-amazon-ec2
Elastic-detection-rules-tags-amazon-s3
Elastic-detection-rules-tags-amazon-web-services
Elastic-detection-rules-tags-apache-tomcat
Elastic-detection-rules-tags-apache
Elastic-detection-rules-tags-api
Elastic-detection-rules-tags-application
Elastic-detection-rules-tags-asset-visibility
Elastic-detection-rules-tags-auditd-manager
Elastic-detection-rules-tags-automated-response-tracking
Elastic-detection-rules-tags-aws-cloudfront
Elastic-detection-rules-tags-aws-cloudshell
Elastic-detection-rules-tags-aws-cloudtrail
Elastic-detection-rules-tags-aws-config
Elastic-detection-rules-tags-aws-dynamodb
Elastic-detection-rules-tags-aws-ec2
Elastic-detection-rules-tags-aws-efs
Elastic-detection-rules-tags-aws-elastic-load-balancing
Elastic-detection-rules-tags-aws-eventbridge
Elastic-detection-rules-tags-aws-guardduty
Elastic-detection-rules-tags-aws-iam
Elastic-detection-rules-tags-aws-kms
Elastic-detection-rules-tags-aws-lambda
Elastic-detection-rules-tags-aws-organizations
Elastic-detection-rules-tags-aws-rds
Elastic-detection-rules-tags-aws-route-53
Elastic-detection-rules-tags-aws-s3
Elastic-detection-rules-tags-aws-secrets-manager
Elastic-detection-rules-tags-aws-service-quotas
Elastic-detection-rules-tags-aws-ses
Elastic-detection-rules-tags-aws-sign-in
Elastic-detection-rules-tags-aws-sns
Elastic-detection-rules-tags-aws-sqs
Elastic-detection-rules-tags-aws-ssm
Elastic-detection-rules-tags-aws-sts
Elastic-detection-rules-tags-aws-systems-manager
Elastic-detection-rules-tags-aws-waf
Elastic-detection-rules-tags-aws
Elastic-detection-rules-tags-azure-activity-logs
Elastic-detection-rules-tags-azure-arc
Elastic-detection-rules-tags-azure-key-vault
Elastic-detection-rules-tags-azure-platform-logs
Elastic-detection-rules-tags-azure-storage
Elastic-detection-rules-tags-azure
Elastic-detection-rules-tags-bbr
Elastic-detection-rules-tags-blocked-threat-tracking
Elastic-detection-rules-tags-bpfdoor
Elastic-detection-rules-tags-c2-beaconing-detection
Elastic-detection-rules-tags-cisco-ftd
Elastic-detection-rules-tags-cloud-threat-detection
Elastic-detection-rules-tags-cloud
Elastic-detection-rules-tags-cloudformation
Elastic-detection-rules-tags-cobalt-strike
Elastic-detection-rules-tags-collection
Elastic-detection-rules-tags-command-and-control
Elastic-detection-rules-tags-configuration-audit
Elastic-detection-rules-tags-configuration-auditing
Elastic-detection-rules-tags-container
Elastic-detection-rules-tags-containers
Elastic-detection-rules-tags-credential-access
Elastic-detection-rules-tags-crowdstrike
Elastic-detection-rules-tags-cyberark-pas
Elastic-detection-rules-tags-data-exfiltration-detection
Elastic-detection-rules-tags-data-protection
Elastic-detection-rules-tags-defense-evasion
Elastic-detection-rules-tags-device-control
Elastic-detection-rules-tags-discovery
Elastic-detection-rules-tags-domain-generation-algorithm-detection
Elastic-detection-rules-tags-elastic-defend-for-containers
Elastic-detection-rules-tags-elastic-defend
Elastic-detection-rules-tags-elastic-endgame
Elastic-detection-rules-tags-email
Elastic-detection-rules-tags-endpoint
Elastic-detection-rules-tags-entra-audit-logs
Elastic-detection-rules-tags-entra-id-protection-logs
Elastic-detection-rules-tags-entra-id-sign-in-logs
Elastic-detection-rules-tags-entra-id-sign-in
Elastic-detection-rules-tags-entra-id
Elastic-detection-rules-tags-execution
Elastic-detection-rules-tags-exfiltration
Elastic-detection-rules-tags-exploit-detection
Elastic-detection-rules-tags-file-integrity-monitoring
Elastic-detection-rules-tags-fortinet-fortigate
Elastic-detection-rules-tags-fortinet
Elastic-detection-rules-tags-gcp-audit-logs
Elastic-detection-rules-tags-gcp
Elastic-detection-rules-tags-github
Elastic-detection-rules-tags-google-cloud-platform
Elastic-detection-rules-tags-google-workspace
Elastic-detection-rules-tags-graph-api-activity-logs
Elastic-detection-rules-tags-graph-api
Elastic-detection-rules-tags-higher-order-rule
Elastic-detection-rules-tags-iam
Elastic-detection-rules-tags-identity-and-access-audit
Elastic-detection-rules-tags-identity-threat-detection
Elastic-detection-rules-tags-identity
Elastic-detection-rules-tags-iis
Elastic-detection-rules-tags-impact
Elastic-detection-rules-tags-initial-access
Elastic-detection-rules-tags-investigation-guide
Elastic-detection-rules-tags-jamf-protect
Elastic-detection-rules-tags-kubernetes
Elastic-detection-rules-tags-lateral-movement-detection
Elastic-detection-rules-tags-lateral-movement
Elastic-detection-rules-tags-lightning-framework
Elastic-detection-rules-tags-linux
Elastic-detection-rules-tags-living-off-the-land-attack-detection
Elastic-detection-rules-tags-llm
Elastic-detection-rules-tags-log-auditing
Elastic-detection-rules-tags-machine-learning
Elastic-detection-rules-tags-macos
Elastic-detection-rules-tags-microsoft-365-audit-logs
Elastic-detection-rules-tags-microsoft-365
Elastic-detection-rules-tags-microsoft-defender-for-office-365
Elastic-detection-rules-tags-microsoft-defender-xdr
Elastic-detection-rules-tags-microsoft-defender
Elastic-detection-rules-tags-microsoft-entra-id-audit-logs
Elastic-detection-rules-tags-microsoft-entra-id-protection-logs
Elastic-detection-rules-tags-microsoft-entra-id-protection
Elastic-detection-rules-tags-microsoft-entra-id-sign-in-logs
Elastic-detection-rules-tags-microsoft-entra-id
Elastic-detection-rules-tags-microsoft-exchange-online-message-trace
Elastic-detection-rules-tags-microsoft-exchange
Elastic-detection-rules-tags-microsoft-graph-activity-logs
Elastic-detection-rules-tags-microsoft-graph
Elastic-detection-rules-tags-microsoft-purview-dlp
Elastic-detection-rules-tags-microsoft-purview
Elastic-detection-rules-tags-microsoft-threat-intelligence
Elastic-detection-rules-tags-ml
Elastic-detection-rules-tags-network-packet-capture
Elastic-detection-rules-tags-network-security-monitoring
Elastic-detection-rules-tags-network-traffic-http-logs
Elastic-detection-rules-tags-network-traffic
Elastic-detection-rules-tags-network
Elastic-detection-rules-tags-nginx
Elastic-detection-rules-tags-observavility
Elastic-detection-rules-tags-okta-system-logs
Elastic-detection-rules-tags-okta
Elastic-detection-rules-tags-onedrive
Elastic-detection-rules-tags-orbit
Elastic-detection-rules-tags-pan-os
Elastic-detection-rules-tags-persistence
Elastic-detection-rules-tags-powershell-logs
Elastic-detection-rules-tags-privilege-escalation
Elastic-detection-rules-tags-privileged-access-detection
Elastic-detection-rules-tags-reconnaissance
Elastic-detection-rules-tags-resource-development
Elastic-detection-rules-tags-risk-detection
Elastic-detection-rules-tags-rootkit
Elastic-detection-rules-tags-saas
Elastic-detection-rules-tags-sentinelone
Elastic-detection-rules-tags-sharepoint
Elastic-detection-rules-tags-sonicwall
Elastic-detection-rules-tags-storage
Elastic-detection-rules-tags-suricata
Elastic-detection-rules-tags-sysmon
Elastic-detection-rules-tags-system
Elastic-detection-rules-tags-t0010
Elastic-detection-rules-tags-t0040
Elastic-detection-rules-tags-t0044
Elastic-detection-rules-tags-t0053
Elastic-detection-rules-tags-t0055
Elastic-detection-rules-tags-t0085
Elastic-detection-rules-tags-t0086
Elastic-detection-rules-tags-threat-detection
Elastic-detection-rules-tags-traefik
Elastic-detection-rules-tags-triplecross
Elastic-detection-rules-tags-ueba
Elastic-detection-rules-tags-vulnerability
Elastic-detection-rules-tags-web-application-compromise
Elastic-detection-rules-tags-web
Elastic-detection-rules-tags-windows-security-event-logs
Elastic-detection-rules-tags-windows-system-event-logs
Elastic-detection-rules-tags-windows
Elastic-detection-rules-tags-winlogbeat
Elastic-detection-rules-tags-zoom