Forum Discussion
GerryMcCafferty
May 11, 2023 Copper Contributor
MITRE ATT&CK Coverage
Morning from the UK! I am trying to better understand how Defender \ Sentinel protect against the MITRE ATT&CK framework. I am particularly interested in mapping to the tactics \ techniques that ...
GerryMcCafferty
May 15, 2023 Copper Contributor
Thanks again for your reply, but this doesn't answer my question; perhaps I am not being sufficiently clear.
Let's assume the use case where I look after a number of clients.
- I need to confirm the current coverage of the MITRE ATT&CK framework currently available for each one
- I need to give them a simple way of exporting this information from their tenant
- I need some sort of repository I can then compare the results from each client with what is currently available from Microsoft
- I can then confirm what custom controls are required
How can I achieve that?
Kris_Deb_e2e
Jul 26, 2023 Steel Contributor
I am also actively looking for any answer to this question. We all need a dedicated MS Learn/Docs page with a clear MITRE mapping to M365 Defender actions, detections etc. I understand the Sentinel tab page but it's not what we are looking for.
ActualCassandra
Nov 01, 2023 Copper Contributor
Sorry for the 'bump', but I'm also curious here.
Sentinel has the MITRE attack blade but we could use something similar in the M365 Defender security portal, too. Yes, there is the Engenuity report but that's not the level we're talking about. More a way to easily show the out of the box coverage, before you get to the customised detections, etc.