Tool 06
Detection Workbench
Plan, track, and generate detection coverage across ATT&CK techniques.
Techniques imported — 0 techniques loaded and ready. Select "From Profile" or "From Threat Actor" below and click Start to continue.
Entry Point — How are you loading techniques?
Manual
Start blank. Add techniques to each tactic manually as you build your detection plan.
From Profile
Load prioritised techniques from the ATT&CK Threat Profiler. Scores inform priority calculations.
From Threat Actor
Load techniques attributed to a specific threat actor group from MITRE ATT&CK STIX data.
From Threat Intel
Load high-frequency techniques for your industry vertical based on curated intelligence data.
Scenario
Platforms in scope — used to filter techniques
Windows
Linux
macOS
Cloud / IaaS
Containers
Network
SaaS
Azure AD
Detection Scenario
Manual
0 Techniques
0 Critical
0 No Rule
0 Production
— Avg Conf.
Coverage Summary
Total: 0
Production: 0
Rollout: 0
Testing: 0
No Rule: 0
🗺️ Send to Heatmap Builder
Export confidence scores as an ATT&CK Navigator layer — colour-coded by tier — and open directly in the Heatmap Builder.
Markdown Narrative
Human-readable coverage report with per-technique tier, data status, confidence scores, and any generated detection templates.
JSON Ruleset
Machine-readable structured export with all technique data, scores, and templates. Suitable for agentic AI consumption and pipeline integration.
Sigma Templates
Vendor-agnostic Sigma rule skeletons for each technique. Field placeholders ready for analyst completion and SIEM deployment.
Navigator Layer
ATT&CK Navigator JSON layer with confidence scores mapped to colours. Import directly into Navigator or the Heatmap Builder.