MITRE ATT&CK® Coverage Map

The MITRE ATT&CK® Coverage Map page provides a comprehensive visualization of how the Cisco Breach Protection Suite protects your organization against the tactics and techniques represented by the MITRE ATT&CK® Matrix for Enterprise. The product coverage mapping data is provided by Cisco Talos and Cisco's integration partners. It is associated with the detection content for the third-party SentinelOne Singularity product and for the following Cisco products that are included in the Breach Protection Suite:

  • XDR Native (Network, Cloud, Identity, and Endpoint)

  • Secure Email Threat Defense

  • Secure Endpoint

  • Secure Malware Analytics

  • Secure Network Analytics

Note: The Additional Integrations area with the SentinelOne third-party integration check box is displayed only if your organization has SentinelOne Singularity integrated in Cisco XDR. For details on integrating SentinelOne Singularity, see SentinelOne Singularity Integration.

Choose Control Center > MITRE Coverage Map in the left navigation menu to open the MITRE ATT&CK® Coverage Map page and view the tactics and techniques that are covered by the Cisco and third-party products. By default, the coverage map displays the tactics and techniques for products that are integrated with Cisco XDR in your organization. You can filter the coverage map to also display products that are not integrated, which gives a comprehensive view of the coverage your organization would have if you integrated more products.

Note: Having visibility into a technique does not ensure detection of, or protection against, all occurrences of the technique. The coverage shown in the map does not reflect your specific product configurations or settings.

The tactics are listed in the top row, and the associated technique cards are listed alphabetically under each tactic. For more information on tactics and techniques, see MITRE ATT&CK Matrix for Enterprise. The number of techniques covered by the selected products is indicated under each tactic. Each technique card displays the total number of selected products that support the technique, the number of incidents that are impacted by the technique, and the color-coded risk score for the technique. Hover over the product tag to display a detailed list of the selected products that cover the technique, and hover over the risk score to display the severity of the risk. For more information on the risk scores, see Color and Icon Key. Click a tactic or technique card to open the tactic or technique drawer, which provides a high-level summary of the tactic or technique in one place, including a list of the products that cover it and, if applicable, a list of the XDR Native sources that provide coverage for it.

The status of the integration is displayed below each product check box (Integrated or Not Integrated). If a product is not integrated in Cisco XDR, you can configure the integration on the Integrations page. For more information on adding an integration, see Integrations.