This directory contains coverage tracking artifacts for the Detection Engineering Program.
Coverage tracking helps answer questions such as:
- which ATT&CK techniques are covered
- which Cyber Kill Chain phases are represented
- where gaps remain
- which tactics need additional engineering focus
- how detection maturity is improving over time
Examples of content that may be stored here include:
- ATT&CK coverage summaries
- Cyber Kill Chain coverage summaries
- gap tracking artifacts
- technique-to-detection mapping references
- coverage exports used for reporting
- visual summaries that support leadership or engineering review
Examples of subfolders that may exist here over time:
mitre/— ATT&CK coverage artifactscyber-kill-chain/— Cyber Kill Chain coverage artifactsgap-analysis/— prioritized detection gaps and follow-up tracking
The goal of this directory is to make detection coverage visible, measurable, and easier to improve over time.