MITRE Coverage Score

Get Started with Outcomes Navigator
Use Outcomes Navigator with the MITRE ATT&CK® Framework
- Understand Your Overall MITRE ATT&CK® Coverage
- Assess Configuration Efficacy for a MITRE ATT&CK® Technique
Use Outcomes Navigator with the Threat Detection, Investigation, and Response (TDIR) Use Case Categories Framework
- Understand Your Overall Use Case Coverage
- Assess Configuration Efficacy for a Use Case
Use Outcomes Navigator for Compliance
- Understand Your Overall Coverage of a Compliance Framework
  - Summarize Your Compliance Coverage
  - Explore Controls by Coverage
View Recommendations for Improving Your Configuration
Share Information in Outcomes Navigator
Outcomes Navigator Coverage Calculation
Outcomes Navigator Parser Calibration Tier Average Calculation

Quickly understand the efficacy of your configuration in protecting against MITRE ATT&CK^® techniques.

The MITRE Coverage Score is a metric of how well your environment as a whole is configured to protect against ATT&CK techniques. At a glance, you can summarize the strength of your protection without analyzing the numbers and details yourself.^[15]

THE MITRE Coverage Score may describe all techniques or a specific technique.

Overall MITRE ATT&CK Coverage Score

The overall MITRE ATT&CK Coverage Score is a metric of how well your environment is configured to protect against all techniques across the board.

The score is the average MITRE Coverage Score across all unhidden techniques. The average is calculated by:

Equation 6.

A=\frac{S}{N}

where A is the average, S is the sum of all MITRE Coverage Scores across all unhidden techniques, and N is the total number of all unhidden techniques.

The overall MITRE Coverage Score is calculated once per day.

Overall MITRE ATT&CK Coverage Score Trends

You can view your overall MITRE ATT&CK Coverage Score and a chart depicting trends in the score over a one-month, three-month, or six-month period in a overview of your ATT&CK coverage.

Average Weekly Overall MITRE ATT&CK Coverage Score Calculation for One-Month Period

If the chart depicts the overall MITRE ATT&CK Coverage Score over a one-month period, each bar represents the average overall MITRE ATT&CK Coverage Score for a given a week. This average is calculated by:

Equation 7.

A=\frac{S}{N}

where A is the average MITRE ATT&CK Coverage Score for a given week, S is the sum of daily overall MITRE ATT&CK Coverage Scores calculated in the week, and N is the number of times the daily overall MITRE ATT&CK Coverage Score was calculated in the week.

Average Monthly Overall MITRE ATT&CK Coverage Score Calculations for Three-Month and Six-Month Periods

If the chart depicts the overall MITRE ATT&CK Coverage Score over a three-month or six-month period, each bar represents the average overall MITRE ATT&CK Coverage Score for a given month. This average is calculated by:

Equation 8.

A=\frac{S}{N}

where A is the average MITRE ATT&CK Coverage Score for a given month, S is the sum of weekly overall MITRE ATT&CK Coverage Scores calculated in the month, and N is the number of times the weekly overall MITRE ATT&CK Coverage Score was calculated in the month.

MITRE Coverage Score for a Specific ATT&CK Technique

The MITRE Coverage Score for a specific technique is a metric of how well your environment as a whole is configured to protect against a specific technique.

The MITRE Coverage Score for an ATT&CK technique is a weighted average of coverage scores across all Exabeam applications and features Outcomes Navigator assesses, including Advanced Analytics rules, correlation rules, analytics rules, and Dashboards.

Because the MITRE Coverage Score is based on amount and quality of data, the best way to improve your score is to configure a wider variety of relevant products and ensure the values in the logs from those products are fully extracted. Follow recommendations to improve your MITRE Coverage Score directly in Outcomes Navigator. You can view recommendations only if you have a license that includes Advanced Analytics.

Weight Calculation

The weight of each Exabeam application or feature is determined by the count of Exabeam features. The weight of a given Exabeam application or feature is calculated by:

Equation 9.

W=\frac{N}{T}

where W is the weight of a given Exabeam application or feature; N is the number of the Exabeam feature in question, for example, 50 analytics rules or 25 dashboards; and T is the total number of Exabeam features across all Exabeam applications.

Average Calculation

The average is calculated by:

Equation 10.

A=\left(SA\cdot WA\right)+\left(SB\cdot WB\right)+\left(SC\cdot WC\right)

where A is the average; SA, SB, and SC are the coverage scores of Exabeam applications or features A, B, and C, respectively, for a given ATT&CK technique; and WA, WB, and WC are the weights of Exabeam applications or features A, B, and C, respectively.

^[15]MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.

Outcomes NavigatorOutcomes Navigator Guide

Table of ContentsTable of Contents