Operational coverage workbench for ATT&CK

Map your current analytics to MITRE ATT&CK, find the highest risk techniques without detections, and align telemetry requirements before kicking off new content development. This tool shares the same dataset as the main dashboard so CTI, detection, and leadership work from a single source of truth.

Step 1: Set the ATT&CK domain, tactics, platforms, and telemetry you care about.
Step 2: Use the gap board to prioritise work items and review MITRE detection guidance.
Step 3: Inspect tactic-level analytics to understand overall coverage results.
Step 4: Capture telemetry gaps and copy the detection plan summary for stakeholders.

Step 1 · Align your ATT&CK scope

Pick the ATT&CK domain, tactics, platforms, and focus mode you want to review. KPIs update immediately.

Domain

Coverage Focus

Keyword search

Tactics

Platforms

Step 2 · Prioritise analytics development

Work through the gap board, tag coverage decisions, and open MITRE detection guidance before handing work to engineers.

Gap prioritisation board

Technique guidance

Select any technique in the board to review risk, detection strategies, analytics, and telemetry hints.

Step 3 · Review detection coverage analytics

Each tactic card highlights coverage %, remaining gaps, and telemetry blockers so you can explain results at a glance.

Step 4 · Align telemetry and share the plan

Track which data sources you already collect, surface telemetry blockers, and export the coverage summary for stakeholders.

Telemetry inventory

Detection plan summary

Scope summary pending...