sigma-rules/docs-dev/ATT&CK-coverage.md
2025-06-18 18:11:09 +05:30

Rule coverage

ATT&CK navigator layer files are generated when a package is built with make release or python -m detection-rules. This also means they can be downloaded from all successful builds.

These files can be passed to a custom navigator session. For convenience, the links are generated below. You can also load several of them in separate tabs of a single session, though uploading all of them is not advisable, as it will likely overload your browser's resources.

Current rule coverage

The source files for these links are regenerated with every successful merge to main. These represent coverage from the state of rules in the main branch.

Full coverage: ATT&CK navigator coverage

Coverage by platform: navigator

Other navigator links by rule attributes
Elastic-detection-rules-indexes-
Elastic-detection-rules-indexes-auditbeat-WILDCARD
Elastic-detection-rules-indexes-endgame-WILDCARD
Elastic-detection-rules-indexes-filebeat-WILDCARD
Elastic-detection-rules-indexes-logs-WILDCARD
Elastic-detection-rules-indexes-logs-auditd_manager
Elastic-detection-rules-indexes-logs-aws
Elastic-detection-rules-indexes-logs-azure
Elastic-detection-rules-indexes-logs-azureWILDCARD
Elastic-detection-rules-indexes-logs-crowdstrike
Elastic-detection-rules-indexes-logs-cyberarkpas
Elastic-detection-rules-indexes-logs-endpoint
Elastic-detection-rules-indexes-logs-endpoint
Elastic-detection-rules-indexes-logs-endpointWILDCARD
Elastic-detection-rules-indexes-logs-fim
Elastic-detection-rules-indexes-logs-gcpWILDCARD
Elastic-detection-rules-indexes-logs-github
Elastic-detection-rules-indexes-logs-google_workspaceWILDCARD
Elastic-detection-rules-indexes-logs-jamf_protectWILDCARD
Elastic-detection-rules-indexes-logs-kubernetes
Elastic-detection-rules-indexes-logs-m365_defender
Elastic-detection-rules-indexes-logs-network_traffic
Elastic-detection-rules-indexes-logs-o365
Elastic-detection-rules-indexes-logs-o365WILDCARD
Elastic-detection-rules-indexes-logs-o365WILDCARDWILDCARD
Elastic-detection-rules-indexes-logs-okta
Elastic-detection-rules-indexes-logs-oktaWILDCARD
Elastic-detection-rules-indexes-logs-panw
Elastic-detection-rules-indexes-logs-sentinel_one_cloud_funnel
Elastic-detection-rules-indexes-logs-system
Elastic-detection-rules-indexes-logs-windows
Elastic-detection-rules-indexes-metrics-WILDCARD
Elastic-detection-rules-indexes-ml_beaconing
Elastic-detection-rules-indexes-packetbeat-WILDCARD
Elastic-detection-rules-indexes-traces-WILDCARD
Elastic-detection-rules-indexes-winlogbeat-WILDCARD
Elastic-detection-rules-tags-active-directory-monitoring
Elastic-detection-rules-tags-active-directory
Elastic-detection-rules-tags-amazon-ec2
Elastic-detection-rules-tags-amazon-route53
Elastic-detection-rules-tags-amazon-s3
Elastic-detection-rules-tags-amazon-web-services
Elastic-detection-rules-tags-asset-visibility
Elastic-detection-rules-tags-auditd-manager
Elastic-detection-rules-tags-aws-cloudtrail
Elastic-detection-rules-tags-aws-cloudwatch
Elastic-detection-rules-tags-aws-dynamodb
Elastic-detection-rules-tags-aws-ec2
Elastic-detection-rules-tags-aws-iam
Elastic-detection-rules-tags-aws-kms
Elastic-detection-rules-tags-aws-lambda
Elastic-detection-rules-tags-aws-rds
Elastic-detection-rules-tags-aws-route53
Elastic-detection-rules-tags-aws-s3
Elastic-detection-rules-tags-aws-secrets-manager
Elastic-detection-rules-tags-aws-service-quotas
Elastic-detection-rules-tags-aws-sign-in
Elastic-detection-rules-tags-aws-signin
Elastic-detection-rules-tags-aws-sns
Elastic-detection-rules-tags-aws-sqs
Elastic-detection-rules-tags-aws-ssm
Elastic-detection-rules-tags-aws-sts
Elastic-detection-rules-tags-aws-systems-manager
Elastic-detection-rules-tags-aws
Elastic-detection-rules-tags-azure-activity-logs
Elastic-detection-rules-tags-azure
Elastic-detection-rules-tags-bbr
Elastic-detection-rules-tags-bpfdoor
Elastic-detection-rules-tags-c2-beaconing-detection
Elastic-detection-rules-tags-cloud-threat-detection
Elastic-detection-rules-tags-cloud
Elastic-detection-rules-tags-cobalt-strike
Elastic-detection-rules-tags-collection
Elastic-detection-rules-tags-command-and-control
Elastic-detection-rules-tags-configuration-audit
Elastic-detection-rules-tags-container
Elastic-detection-rules-tags-credential-access
Elastic-detection-rules-tags-crowdstrike
Elastic-detection-rules-tags-cyberark-pas
Elastic-detection-rules-tags-data-exfiltration-detection
Elastic-detection-rules-tags-defense-evasion
Elastic-detection-rules-tags-discovery
Elastic-detection-rules-tags-domain-generation-algorithm-detection
Elastic-detection-rules-tags-elastic-defend
Elastic-detection-rules-tags-elastic-endgame
Elastic-detection-rules-tags-email
Elastic-detection-rules-tags-endpoint
Elastic-detection-rules-tags-entra-id-sign-in-logs
Elastic-detection-rules-tags-entra-id-sign-in
Elastic-detection-rules-tags-entra-id
Elastic-detection-rules-tags-execution
Elastic-detection-rules-tags-exfiltration
Elastic-detection-rules-tags-file-integrity-monitoring
Elastic-detection-rules-tags-gcp
Elastic-detection-rules-tags-github
Elastic-detection-rules-tags-google-cloud-platform
Elastic-detection-rules-tags-google-workspace
Elastic-detection-rules-tags-graph-api-activity-logs
Elastic-detection-rules-tags-graph-api
Elastic-detection-rules-tags-higher-order-rule
Elastic-detection-rules-tags-identity-and-access-audit
Elastic-detection-rules-tags-identity
Elastic-detection-rules-tags-impact
Elastic-detection-rules-tags-initial-access
Elastic-detection-rules-tags-investigation-guide
Elastic-detection-rules-tags-jamf-protect
Elastic-detection-rules-tags-kubernetes
Elastic-detection-rules-tags-lateral-movement-detection
Elastic-detection-rules-tags-lateral-movement
Elastic-detection-rules-tags-lightning-framework
Elastic-detection-rules-tags-linux
Elastic-detection-rules-tags-living-off-the-land-attack-detection
Elastic-detection-rules-tags-log-auditing
Elastic-detection-rules-tags-machine-learning
Elastic-detection-rules-tags-macos
Elastic-detection-rules-tags-microsoft-365-audit-logs
Elastic-detection-rules-tags-microsoft-365
Elastic-detection-rules-tags-microsoft-defender-for-endpoint
Elastic-detection-rules-tags-microsoft-entra-id-audit-logs
Elastic-detection-rules-tags-microsoft-entra-id-protection-logs
Elastic-detection-rules-tags-microsoft-entra-id-sign-in-logs
Elastic-detection-rules-tags-microsoft-entra-id
Elastic-detection-rules-tags-microsoft-exchange
Elastic-detection-rules-tags-microsoft-graph-activity-logs
Elastic-detection-rules-tags-microsoft-graph
Elastic-detection-rules-tags-ml
Elastic-detection-rules-tags-network-security-monitoring
Elastic-detection-rules-tags-network
Elastic-detection-rules-tags-okta
Elastic-detection-rules-tags-onedrive
Elastic-detection-rules-tags-orbit
Elastic-detection-rules-tags-pan-os
Elastic-detection-rules-tags-persistence
Elastic-detection-rules-tags-powershell-logs
Elastic-detection-rules-tags-privilege-escalation
Elastic-detection-rules-tags-privileged-access-detection
Elastic-detection-rules-tags-reconnaissance
Elastic-detection-rules-tags-resource-development
Elastic-detection-rules-tags-risk-detection
Elastic-detection-rules-tags-rootkit
Elastic-detection-rules-tags-saas
Elastic-detection-rules-tags-sentinelone
Elastic-detection-rules-tags-sharepoint
Elastic-detection-rules-tags-sysmon
Elastic-detection-rules-tags-system
Elastic-detection-rules-tags-threat-detection
Elastic-detection-rules-tags-triplecross
Elastic-detection-rules-tags-ueba
Elastic-detection-rules-tags-vulnerability
Elastic-detection-rules-tags-web-application-compromise
Elastic-detection-rules-tags-windows-security-event-logs
Elastic-detection-rules-tags-windows-system-event-logs
Elastic-detection-rules-tags-windows
Elastic-detection-rules-tags-zoom