Detection coverage, automated
Upload your Sigma rules or paste a detection list. The tool maps every technique across ATT&CK Enterprise and MITRE ATLAS automatically. You get a colour-coded matrix in seconds, with zero manual T-code work.
Drop in a Sigma YAML file or ZIP, paste a plain-text list of rule names or T-codes, or pick techniques manually from the full ATT&CK and ATLAS catalogue.
Covered techniques turn green. Fuzzy-matched ones turn amber. Blind spots stay grey. Use the platform filter to focus on Windows, Linux, cloud, or ML-model coverage.
Download a Navigator Layer JSON and load it in the MITRE Navigator. Save a snapshot and send the URL to your team.
ATT&CK and ATLAS data come straight from the MITRE GitHub repos each time you open the tool. You get the latest techniques without any manual updates.
The tool reads attack.t1059.001 and atlas.aml.t0000 tags directly. For rules without explicit tags, it scans for T-codes and AML codes, then falls back to keyword matching against technique names.
Switch between MITRE ATT&CK Enterprise and MITRE ATLAS in one workspace. Both frameworks share the same ingestion pipeline, so you upload your rules once and check coverage for both.
The export button generates a v4.5 Layer JSON that opens directly in the official MITRE Navigator. Covered techniques get a score of 100, fuzzy matches get 50.
There is no server. Your rules and detections stay on your machine. If you want to sync across devices or share a link with your team, you can connect an InstantDB app.
Save your coverage state at any point and come back to it later. With InstantDB configured, snapshots sync across devices and each workspace gets a shareable URL.