Outcomes Navigator Coverage
Learn how Outcomes Navigator defines coverage.
In Outcomes Navigator, coverage is a metric of how well your environment is configured to address a use case, MITRE ATT&CK® technique, or compliance framework. Coverage may refer to how well your environment is configured as a whole or how well your environment is configured to enable specific features or applications.[2]
Coverage is determined by the amount and quality of data your environment receives. For your environment to address a threat or compliance framework, it must receive data relevant to the threat or compliance framework, receive an adequate amount of data for the coverage level you want, and parse the data. To improve your coverage, you configure more products in product categories relevant to the threat or compliance framework; the more relevant products you configure, the more relevant data your environment receives, and the more coverage your environment has for the threat or compliance framework.
Coverage is represented by a numeric score ranging from 0 to 100 depending on the amount of relevant data your environment receives. A coverage score of zero means your environment is poorly configured to address a threat or compliance framework; your environment doesn't receive any data relevant to the threat or compliance framework. A coverage score of 100 means your environment is optimally configured to address the threat or compliance framework; your environment receives a lot of data relevant to the threat or compliance framework.
[2] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.