

MICROSOFT AZURE SENTINEL HOW TO

This article describes how to use the MITRE page in Microsoft Sentinel to view the detections already active in your workspace, and those available for you to configure, so that you can understand your organization's security coverage based on the tactics and techniques of the MITRE ATT&CK® framework.

Microsoft Sentinel analyzes ingested data not only to detect threats and help you investigate, but also to visualize the nature and coverage of your organization's security status. Many organizations use the MITRE ATT&CK knowledge base to develop specific threat models and methodologies for verifying security status in their environments. MITRE ATT&CK is a publicly accessible knowledge base of tactics and techniques commonly used by attackers; it is created and maintained from real-world observations.

Microsoft Sentinel is currently aligned to the MITRE ATT&CK framework, version 11.

The MITRE page in Microsoft Sentinel is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

View current MITRE coverage

In Microsoft Sentinel, in the General or Threat management menu on the left, select MITRE.

- Use the legend at the top-right to understand how many detections are currently active in your workspace for a specific technique. By default, both currently active scheduled query rules and near real-time (NRT) rules are indicated in the coverage matrix.
- Use the search bar at the top-left to search for a specific technique in the matrix, by technique name or ID, to view your organization's security status for the selected technique.
- Select a specific technique in the matrix to view more details on the right. There, use the links to jump to any of the following locations:
  - Select View technique details for more information about the selected technique in the MITRE ATT&CK framework knowledge base.
  - Select links to any of the active items to jump to the relevant area in Microsoft Sentinel.

Simulate possible coverage with available detections

In the MITRE coverage matrix, simulated coverage refers to detections that are available, but not currently configured, in your Microsoft Sentinel workspace. View your simulated coverage to understand your organization's possible security status, were you to configure all detections available to you.

Select items in the Simulate menu to simulate your organization's possible security status.
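To make the distinction between active and simulated coverage concrete, here is an added Python example (not code from Microsoft Sentinel or from this article) that counts detections per ATT&CK technique over a constructed list of analytics rules; the rule names, technique IDs and record fields are assumptions, and the "Fusion" entry only shows how the legend's rule-kind filter changes the count.

```python
# Added example (not Microsoft Sentinel's own code): computes current and
# simulated MITRE ATT&CK coverage per technique from a constructed list of
# analytics rules, mirroring what the MITRE page's legend and Simulate menu show.
from collections import defaultdict

# Constructed sample data: each entry is an analytics rule or rule template with
# the ATT&CK techniques it covers, its kind, and whether it is enabled (active).
RULES = [
    {"name": "Brute force against Azure portal", "kind": "Scheduled", "enabled": True, "techniques": ["T1110"]},
    {"name": "Suspicious PowerShell download", "kind": "NRT", "enabled": True, "techniques": ["T1059", "T1105"]},
    {"name": "New admin account created (template)", "kind": "Scheduled", "enabled": False, "techniques": ["T1136"]},
    {"name": "Password spray (template)", "kind": "Scheduled", "enabled": False, "techniques": ["T1110"]},
    {"name": "Legacy Fusion rule", "kind": "Fusion", "enabled": True, "techniques": ["T1078"]},
]

# By default the coverage matrix indicates scheduled query and NRT rules.
DEFAULT_KINDS = ("Scheduled", "NRT")

def coverage(rules, kinds=DEFAULT_KINDS, simulate=False):
    """Return {technique_id: detection_count}.

    simulate=False: only enabled rules of the selected kinds, as the legend shows.
    simulate=True:  all rules of the selected kinds, enabled or not, i.e. the
                    coverage you would have if every available detection were
                    configured (the Simulate view).
    """
    counts = defaultdict(int)
    for rule in rules:
        if rule["kind"] not in kinds:
            continue
        if not simulate and not rule["enabled"]:
            continue
        for tech in rule["techniques"]:
            counts[tech] += 1
    return dict(counts)

def simulated_only(rules, kinds=DEFAULT_KINDS):
    """Techniques covered only by available-but-unconfigured detections."""
    active = coverage(rules, kinds)
    simulated = coverage(rules, kinds, simulate=True)
    return sorted(t for t in simulated if t not in active)

if __name__ == "__main__":
    print("active coverage:   ", coverage(RULES))
    print("simulated coverage:", coverage(RULES, simulate=True))
    print("gaps closed by configuring templates:", simulated_only(RULES))
```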
