MITRE ATT&CK Coverage

AlphaSOC provides comprehensive detection coverage across the MITRE ATT&CK Enterprise framework. The coverage map below shows which techniques are detected by AlphaSOC, along with the number of distinct detections for each technique.

Using the ATT&CK Navigator

You can download the coverage data as an ATT&CK Navigator layer file for detailed analysis and integration with your security workflows:

  1. Download the layer file using the button below
  2. Open the ATT&CK Navigator
  3. Click "Open Existing Layer" → "Upload from local"
  4. Select the downloaded JSON file

The Navigator layer includes color-coded coverage based on detection count, allowing you to visualize detection depth across the framework.

MITRE ATT&CK Coverage Map

AlphaSOC Detection Coverage

Coverage across the MITRE ATT&CK Enterprise framework based on 1027 detections.

Download ATT&CK Navigator Layer
87% (13 of 15 tactics covered)

Reconnaissance: 0/12 Covered
  T1589 Gather Victim Identity Information
  T1590 Gather Victim Network Information
  T1591 Gather Victim Org Information
  T1592 Gather Victim Host Information
  T1593 Search Open Websites/Domains

Resource Development: 4/9 Covered
  T1583 Acquire Infrastructure (6 detections)
  T1584 Compromise Infrastructure (2 detections)
  T1585 Establish Accounts
  T1586 Compromise Accounts (2 detections)
  T1587 Develop Capabilities

Initial Access: 6/9 Covered
  T1078 Valid Accounts (75 detections)
  T1091 Replication Through Removable Media (N/A)
  T1133 External Remote Services (2 detections)
  T1189 Drive-by Compromise (6 detections)
  T1190 Exploit Public-Facing Application (6 detections)

Execution: 4/10 Covered
  T1047 Windows Management Instrumentation (N/A)
  T1053 Scheduled Task/Job (N/A)
  T1059 Command and Scripting Interpreter (10 detections)
  T1072 Software Deployment Tools
  T1106 Native API (N/A)

Persistence: 9/12 Covered
  T1037 Boot or Logon Initialization Scripts
  T1053 Scheduled Task/Job (N/A)
  T1078 Valid Accounts (13 detections)
  T1098 Account Manipulation (102 detections)
  T1112 Modify Registry (N/A)

Privilege Escalation: 6/9 Covered
  T1037 Boot or Logon Initialization Scripts (5 detections)
  T1053 Scheduled Task/Job (N/A)
  T1055 Process Injection (N/A)
  T1068 Exploitation for Privilege Escalation
  T1078 Valid Accounts (30 detections)

Stealth: 2/9 Covered
  T1006 Direct Volume Access (N/A)
  T1014 Rootkit (N/A)
  T1027 Obfuscated Files or Information (N/A)
  T1036 Masquerading (N/A)
  T1055 Process Injection (N/A)

Defense Impairment: 0/9 Covered
  T1112 Modify Registry (N/A)
  T1207 Rogue Domain Controller (N/A)
  T1222 File and Directory Permissions Modification
  T1484 Domain or Tenant Policy Modification
  T1553 Subvert Trust Controls (N/A)

Credential Access: 9/14 Covered
  T1003 OS Credential Dumping (N/A)
  T1040 Network Sniffing (2 detections)
  T1056 Input Capture (N/A)
  T1110 Brute Force (17 detections)
  T1111 Multi-Factor Authentication Interception

Discovery: 8/16 Covered
  T1007 System Service Discovery (N/A)
  T1010 Application Window Discovery (N/A)
  T1012 Query Registry (N/A)
  T1016 System Network Configuration Discovery (N/A)
  T1018 Remote System Discovery

Lateral Movement: 3/8 Covered
  T1021 Remote Services (6 detections)
  T1072 Software Deployment Tools
  T1080 Taint Shared Content
  T1091 Replication Through Removable Media (N/A)
  T1210 Exploitation of Remote Services

Collection: 3/5 Covered
  T1005 Data from Local System (N/A)
  T1025 Data from Removable Media (N/A)
  T1039 Data from Network Shared Drive (N/A)
  T1056 Input Capture (N/A)
  T1074 Data Staged (N/A)

Command and Control: 13/17 Covered
  T1001 Data Obfuscation (3 detections)
  T1008 Fallback Channels (1 detection)
  T1071 Application Layer Protocol (45 detections)
  T1090 Proxy (2 detections)
  T1092 Communication Through Removable Media (N/A)

Exfiltration: 4/8 Covered
  T1011 Exfiltration Over Other Network Medium
  T1020 Automated Exfiltration
  T1029 Scheduled Transfer
  T1030 Data Transfer Size Limits
  T1041 Exfiltration Over C2 Channel (2 detections)

Impact: 8/12 Covered
  T1485 Data Destruction (50 detections)
  T1486 Data Encrypted for Impact (3 detections)
  T1489 Service Stop (5 detections)
  T1490 Inhibit System Recovery (18 detections)
  T1491 Defacement