ATT&CK Detection Rule Coverage
5975 detection rules mapped to 428 MITRE ATT&CK techniques. Click a technique to see every rule written for it, grouped by vendor for easy comparison. Use the vendor chips to show or hide each rule source.
Execution 13
Hijack Execution Flow (12)
DLL (118) DLL Side-Loading (10) Dylib Hijacking (1) Executable Installer File Permissions Weakness (2) Dynamic Linker Hijacking (2) Path Interception by PATH Environment Variable (5) Path Interception by Search Order Hijacking (6) Path Interception by Unquoted Path (4) Services File Permissions Weakness (6) Services Registry Permissions Weakness (17) COR_PROFILER (2) AppDomainManager (1)
Discovery 27
Credential Access 14
Privilege Escalation 13
Event Triggered Execution (11)
Change Default File Association (7) Screensaver (6) Windows Management Instrumentation Event Subscription (23) Netsh Helper DLL (7) Accessibility Features (22) AppCert DLLs (5) AppInit DLLs (3) Application Shimming (11) Image File Execution Options Injection (10) PowerShell Profile (3) Component Object Model Hijacking (22)
Persistence 17
Event Triggered Execution (11)
Change Default File Association (7) Screensaver (6) Windows Management Instrumentation Event Subscription (23) Netsh Helper DLL (7) Accessibility Features (22) AppCert DLLs (5) AppInit DLLs (3) Application Shimming (11) Image File Execution Options Injection (10) PowerShell Profile (3) Component Object Model Hijacking (22)
Stealth 24
Hijack Execution Flow (12)
DLL (118) DLL Side-Loading (10) Dylib Hijacking (1) Executable Installer File Permissions Weakness (2) Dynamic Linker Hijacking (2) Path Interception by PATH Environment Variable (5) Path Interception by Search Order Hijacking (6) Path Interception by Unquoted Path (4) Services File Permissions Weakness (6) Services Registry Permissions Weakness (17) COR_PROFILER (2) AppDomainManager (1)