Events execution
List of attacks behaviors executed
This table provides an overview of all the events executed for the selected simulation with their main technical characteristics.
This sketch cannot currently be displayed in exports
Simulation events list
The table presents all the events executed for the simulation with the following information:
- Execution status
- Event number and name
- Date and time of execution
- Severity (red =
high, yellow =low) - Availability of IOC, Sigma rule, comments or evidence associated with the event
- Event type (
network,windows,linuxormacos) - MITRE ATT&CK tactic associated with the event
- Event execution source
- Event targets
- Event detection status
- Event detection
- Reaction following the event
- Time to Detect (TTD)
- Time to React (TTR)
It is possible to choose the columns to display using the button located at the top right:
Hint: The area at the bottom of the screen indicates the total number of events and allows you to choose how many events are displayed per screen.
Selecting and filtering
To facilitate the operation of the simulations list, several features are available:
- Choice of event display order: by date or event ID
- Application of filters: event start time, severity, type, comments, proofs, Sigma rule, IOC, MITRE ATT&CK Tactic, detection status, detection source, reaction
- Search field
Campaign data export
All data related to the campaign can be exported:
- A .csv file contains all the technical information of the events
- A zip archive contains all the evidence added to the events.
This sketch cannot currently be displayed in exports
Qualify events status
The events list allows for quickly informing the detection status of the events. The default status is
Unqualified. Three other statuses are possible: Undetected, Logged, Alerted.
The number of unqualified events is directly displayed at the top left under the name of the simulation. Qualifying all events allows for having complete results and thus better evaluating the effectiveness of defense means. The status is the criterion with the most impact on the score calculation.
Hint: Refer to the following section for an explanation of possible statuses for events