Skip to main content

Outcomes NavigatorOutcomes Navigator Guide

Dashboards Coverage Calculation

Learn how Outcomes Navigator calculates Dashboards coverage for a given use case or MITRE ATT&CK® technique.[17]

Dashboards coverage is a metric of how well your environment is configured so Dashboards can present data relevant to a given use case or technique. At a glance, you can summarize the efficacy of Dashboards visualizations without analyzing the numbers and details yourself.

Your Dashboards coverage score for each use case or technique is the percentage of all possible parsed fields your dashboards could use that your environment actively parses.

To calculate your Dashboards coverage, an internal service first maps your dashboards to use cases and techniques. Then, Outcomes Navigator must determine the fields Dashboard potentially uses and your environment also actively parses.

To calculate Dashboard coverage for a use case, Outcomes Navigator finds the intersection between all possible parsed fields Dashboards uses to present data relevant to the use case and all fields your environment actively parses for the use case. Similarly for a technique, Outcomes Navigator finds the intersection between all possible parsed fields Dashboards uses to present data relevant to the ATT&CK technique and all fields your environment actively parses for the technique.

The percentage is calculated by:

Equation 13. 
P=AFTF100P=\frac{AF}{TF}\cdot100


where P is the percentage, AF is the number of actively parsed fields Dashboards uses, and TF is the total number of possible fields Dashboards could use.



[17] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.