MITRE ATT&CK Technique Coverage

Senior Member

Hi All,

I have been mapping our capabilities to the ATT&CK framework to be able to display coverage and where hot spots may exist. I am having a very difficult time finding any reference to what techniques 365 Defender covers. 

Does anyone know of a way to get this list from the console? I can export the alerts that have fired but I'm looking for a list of all that "could" fire, if that makes sense.


1 Reply
I'm also interested and having a hard time finding this information. The incidents that come across into Sentinel also don't carry over the MITRE fields, so we can't even query based on that.