- Get Started with Outcomes Navigator
- Use Outcomes Navigator from a MITRE ATT&CK® Perspective
- Use Outcomes Navigator from a Threat Detection, Investigation, and Response (TDIR) Use Case Categories Perspective
- View Recommendations for Improving Your Configuration
- Share Information in Outcomes Navigator
- Outcomes Navigator Coverage Calculation
- Outcomes Navigator Parser Calibration Tier Average Calculation
Dashboards Coverage Calculation
Learn how Outcomes Navigator calculates Dashboards coverage for a given use case or MITRE ATT&CK® technique.[17]
[17] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.
Dashboards coverage is a metric of how well your environment is configured so Dashboards can present data relevant to a given use case or ATT&CK technique. At a glance, you can summarize the efficacy of Dashboards visualizations without analyzing the numbers and details yourself.
Your Dashboards coverage level for each use case or ATT&CK technique is determined by the percentage of all possible parsed fields your dashboards could use that your environment actively parses:
Best – Your environment actively parses 75 to 100 percent of all possible fields Dashboards uses to present data relevant to a given use case or ATT&CK technique.
Better – Your environment actively parses 50 to 74 percent of all possible fields Dashboard uses to present data relevant to a given use case or ATT&CK technique.
Good – Your environment actively parses one to 49 percent of all possible fields Dashboard uses to present data relevant to a given use case or ATT&CK technique.
None – Your environment doesn't parse any fields Dashboard uses to present data relevant to a given use case or ATT&CK technique.
To calculate your Dashboards coverage, an internal service first maps your dashboards to use cases and ATT&CK techniques. Then, Outcomes Navigator must determine the fields Dashboard potentially uses and your environment also actively parses.
To calculate Dashboard coverage for a use case, Outcomes Navigator finds the intersection between all possible parsed fields Dashboards uses to present data relevant to the use case and all fields your environment actively parses for the use case. Similarly for an ATT&CK technique, Outcomes Navigator finds the intersection between all possible parsed fields Dashboards uses to present data relevant to the ATT&CK technique and all fields your environment actively parses for the ATT&CK technique.
The percentage is calculated by:
where P is the percentage, AF is the number of actively parsed fields Dashboards uses, and TF is the total number of possible fields Dashboards could use.
[17] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.