From ab9d6cbfb654cc1f5e7753bebd9888759237da86 Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Mon, 11 Aug 2025 18:36:52 -0400 Subject: [PATCH 1/2] updates docs --- solutions/security/detect-and-alert/mitre-attandckr-coverage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/detect-and-alert/mitre-attandckr-coverage.md b/solutions/security/detect-and-alert/mitre-attandckr-coverage.md index 620a1eae42..f2ecd31ea7 100644 --- a/solutions/security/detect-and-alert/mitre-attandckr-coverage.md +++ b/solutions/security/detect-and-alert/mitre-attandckr-coverage.md 
@@ -20,7 +20,7 @@ Mirroring the MITRE ATT&CK® framework, columns represent major tactics, and cel To access the **MITRE ATT&CK® coverage** page, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then go to **MITRE ATT&CK® coverage**. ::::{note} -This page only includes the detection rules you currently have installed, and only rules that are mapped to MITRE ATT&CK®. The coverage page maps detections to the following [MITRE ATT&CK® version](https://attack.mitre.org/resources/updates/updates-april-2024) used by {{elastic-sec}}: `v16.1`. Elastic prebuilt rules that aren’t installed and custom rules that are either unmapped or mapped to a deprecated tactic or technique will not appear on the coverage map. +This page only includes the detection rules you currently have installed, and only rules that are mapped to MITRE ATT&CK®. The coverage page maps detections to the following [MITRE ATT&CK® version](https://attack.mitre.org/resources/updates/updates-april-2025) used by {{elastic-sec}}: `v17.1`. Elastic prebuilt rules that aren’t installed and custom rules that are either unmapped or mapped to a deprecated tactic or technique will not appear on the coverage map. You can map custom rules to tactics in **Advanced settings** when creating or editing a rule. From eed605a2e95ce4ef9c65575ecff5eec11eb4542e Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Wed, 13 Aug 2025 14:47:33 -0400 Subject: [PATCH 2/2] Adds version table --- .../detect-and-alert/mitre-attandckr-coverage.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/solutions/security/detect-and-alert/mitre-attandckr-coverage.md b/solutions/security/detect-and-alert/mitre-attandckr-coverage.md index f2ecd31ea7..ac9dd93b86 100644 --- a/solutions/security/detect-and-alert/mitre-attandckr-coverage.md 
+++ b/solutions/security/detect-and-alert/mitre-attandckr-coverage.md @@ -20,10 +20,10 @@ Mirroring the MITRE ATT&CK® framework, columns represent major tactics, and cel To access the **MITRE ATT&CK® coverage** page, find **Detection rules (SIEM)** in the navigation menu or look for “Detection rules (SIEM)” using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then go to **MITRE ATT&CK® coverage**. ::::{note} -This page only includes the detection rules you currently have installed, and only rules that are mapped to MITRE ATT&CK®. The coverage page maps detections to the following [MITRE ATT&CK® version](https://attack.mitre.org/resources/updates/updates-april-2025) used by {{elastic-sec}}: `v17.1`. Elastic prebuilt rules that aren’t installed and custom rules that are either unmapped or mapped to a deprecated tactic or technique will not appear on the coverage map. +This page only includes the detection rules you currently have installed, and only rules that are mapped to MITRE ATT&CK®. The coverage page maps detections to [MITRE ATT&CK® versions](https://attack.mitre.org/resources/updates/) used by {{elastic-sec}}. -You can map custom rules to tactics in **Advanced settings** when creating or editing a rule. +Elastic prebuilt rules that aren’t installed and custom rules that are either unmapped or mapped to a deprecated tactic or technique will not appear on the coverage map. You can map custom rules to tactics in **Advanced settings** when creating or editing a rule. :::: 
@@ -32,6 +32,16 @@ You can map custom rules to tactics in **Advanced settings** when creating or ed :screenshot: ::: +Refer to the following table to find the MITRE ATT&CK® version that's mapped to your version of {{elastic-sec}}. + +| MITRE ATT\&CK® version | {{elastic-sec}} version | +| :---- | :---- | +| [**v16.1**](https://attack.mitre.org/resources/updates/updates-october-2024/) | **9.0.0, 9.1.0** | +| [**v17.1**](https://attack.mitre.org/resources/updates/updates-april-2025/) | **9.2.0** | + +::::{note} +{{serverless-short}} always uses the latest MITRE ATT&CK® versions that's been mapped to {{elastic-sec}}. +:::: ## Filter rules [security-rules-coverage-filter-rules]
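Review bot: In PATCH 1/2 (hunk @@ -20,7 +20,7), the replaced note line hard-codes `v17.1` as the one ATT&CK version used by {{elastic-sec}}, with nothing saying which releases it applies to. The table added in PATCH 2/2 lists 9.0.0 and 9.1.0 against v16.1, so if this commit is published on its own the note is wrong for readers on those releases. Either squash the two commits or qualify the sentence with the release it describes.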
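Review bot: In the first hunk of PATCH 2/2 (@@ -20,10 +20,10), the rewritten note sentence no longer names a version and links only to the generic updates index, but it does not point the reader to the version table this patch adds below the screenshot. Someone reading the note has no cue that the exact mapping exists further down the page. Add a short pointer to the table (or a link to its anchor) at the end of that sentence.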
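Review bot: In the serverless note added at the end of the @@ -32,6 +32,16 hunk, "the latest MITRE ATT&CK® versions that's been mapped" mixes a plural noun with a singular verb; make it "the latest MITRE ATT&CK® version that's been mapped". The table header in the same hunk also writes `ATT\&CK®` with an escaped ampersand, while the other lines of the file shown here use `ATT&CK®`; pick one form so the heading renders the same as the surrounding text.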