mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
# Workflows - MITRE ATT&CK Coverage Mapping

## Quarterly Coverage Assessment Workflow

```text
1. Export all active SIEM detection rules
        |
        v
2. Map each rule to MITRE ATT&CK technique(s)
        |
        v
3. Score each technique (0-100)
        |
        v
4. Generate ATT&CK Navigator heatmap
        |
        v
5. Identify top 10 gap techniques
        |
        v
6. Prioritize based on threat landscape
        |
        v
7. Create detection engineering backlog
        |
        v
8. Build and deploy new rules
        |
        v
9. Validate with adversary emulation
        |
        v
10. Update coverage map
```
## Continuous Improvement Cycle

```text
Assess Coverage --> Identify Gaps --> Prioritize -->
Build Rules --> Test Rules --> Deploy --> Validate -->
Measure --> Report --> Repeat
```
## Gap Closure Tracking
| Week | New Rules | Techniques Covered | Coverage Delta |
|---|---|---|---|
| 1 | 3 | T1059, T1055, T1003 | +1.5% |
| 2 | 2 | T1053, T1547 | +1.0% |
| 3 | 3 | T1071, T1105, T1048 | +1.5% |
| 4 | 2 | T1218, T1036 | +1.0% |
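The following Python script is an added worked example of the quarterly workflow above (steps 2 to 5 and 8 to 10) and of the gap closure table; it is not code from the repository this page mirrors. It scores techniques from a SIEM rule export, emits an ATT&CK Navigator layer for the heatmap, lists the weakest techniques as the gap backlog, and replays weekly rule deployments to compute the coverage delta column. The rule export, the ten-technique universe, the `maturity` field, the covered threshold of 50 and the Navigator version strings are all constructed assumptions; a real run would load the full enterprise matrix and the actual rule export.

```python
"""Coverage scoring, Navigator layer generation and gap-closure tracking.
Added example for the quarterly coverage workflow; all data is constructed."""
import json

# Constructed technique universe; a real assessment loads the full enterprise
# matrix (ATT&CK STIX bundle) instead of this ten-technique sample.
TECHNIQUES = ["T1059", "T1055", "T1003", "T1053", "T1547",
              "T1071", "T1105", "T1048", "T1218", "T1036"]

# Constructed SIEM rule export (step 1). "maturity" is an assumed 0-100 field
# expressing how well a rule has been tuned and validated in production.
RULES = [
    {"id": "R-001", "techniques": ["T1059"], "maturity": 80, "enabled": True},
    {"id": "R-002", "techniques": ["T1059"], "maturity": 60, "enabled": True},
    {"id": "R-003", "techniques": ["T1003"], "maturity": 40, "enabled": True},
    {"id": "R-004", "techniques": ["T1547"], "maturity": 70, "enabled": False},
    {"id": "R-005", "techniques": ["T1218"], "maturity": 55, "enabled": True},
]

# Constructed weekly deployments (step 8) used for gap-closure tracking.
WEEKLY_NEW_RULES = [
    [{"id": "R-006", "techniques": ["T1055"], "maturity": 60, "enabled": True},
     {"id": "R-007", "techniques": ["T1003"], "maturity": 60, "enabled": True}],
    [{"id": "R-008", "techniques": ["T1053"], "maturity": 50, "enabled": True}],
]

COVERED_THRESHOLD = 50  # assumed: a technique counts as covered at score >= 50


def score_techniques(rules, universe=TECHNIQUES):
    """Steps 2-3: map rules to techniques and score each technique 0-100.
    Score = best maturity among enabled covering rules, plus 10 for each
    additional enabled rule (defence in depth), capped at 100. Disabled rules
    contribute nothing, so the map cannot be inflated by rules that never fire."""
    scores = {}
    for tech in universe:
        covering = [r["maturity"] for r in rules
                    if r["enabled"] and tech in r["techniques"]]
        scores[tech] = (min(100, max(covering) + 10 * (len(covering) - 1))
                        if covering else 0)
    return scores


def navigator_layer(scores, name="Quarterly detection coverage"):
    """Step 4: build an ATT&CK Navigator layer dict (serialise with json.dumps).
    Version strings are assumed; set them to match your Navigator instance."""
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Detection coverage score per technique (0-100)",
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": 100},
        "techniques": [{"techniqueID": t, "score": s, "comment": f"coverage score {s}"}
                       for t, s in scores.items()],
    }


def top_gaps(scores, n=10, threshold=COVERED_THRESHOLD):
    """Step 5: the n weakest techniques below the threshold, worst first
    (ties broken by technique ID so the backlog order is stable)."""
    gaps = sorted((s, t) for t, s in scores.items() if s < threshold)
    return [t for _, t in gaps[:n]]


def coverage_pct(scores, threshold=COVERED_THRESHOLD):
    """Share of the technique universe scoring at or above the threshold."""
    covered = sum(1 for s in scores.values() if s >= threshold)
    return round(100.0 * covered / len(scores), 1)


def track_gap_closure(base_rules, weekly_new_rules, universe=TECHNIQUES):
    """Steps 8-10 and the Gap Closure Tracking table: replay weekly rule
    deployments and report the coverage delta for each week."""
    active = list(base_rules)
    previous = coverage_pct(score_techniques(active, universe))
    rows = []
    for week, new_rules in enumerate(weekly_new_rules, start=1):
        active.extend(new_rules)
        current = coverage_pct(score_techniques(active, universe))
        rows.append({
            "week": week,
            "new_rules": len(new_rules),
            "techniques_covered": sorted({t for r in new_rules for t in r["techniques"]}),
            "coverage_delta": round(current - previous, 1),
        })
        previous = current
    return rows


if __name__ == "__main__":
    baseline = score_techniques(RULES)
    print(json.dumps(navigator_layer(baseline), indent=2))
    print("top gaps:", top_gaps(baseline))
    for row in track_gap_closure(RULES, WEEKLY_NEW_RULES):
        print(row)
```

Two design points worth keeping when adapting this: disabled rules are excluded from scoring so the heatmap reflects what actually fires, and the gap list is sorted by score then technique ID so the backlog order is reproducible between quarterly runs. Only the deltas in the sample data are tied to the constructed ten-technique universe; against the full matrix each new rule moves coverage by a fraction of a percent, as in the table above.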