Detector Explorer
Taegis Detector Explorer lets you browse the full list of Taegis detectors and countermeasures and provides details of each, including the detection logic explanation and associated MITRE tactics and techniques.
Access Detector Explorer
To access Detector Explorer, select Detections from the Taegis Menu and choose Detector Explorer.

The Explore Detectors and Countermeasures panel displays a list of all detectors, each with a summarized description, the detector type, the severity rating associated with the detector, and when it was last updated.
Filter Detector Explorer
Use the collapsible filter menu at the left of the table to narrow down the list of matching detectors by the following criteria:
- Rule Type: Filter detectors based on the following Taegis detection rule types:
  - Watchlist: For more information on watchlists, see Detector Overview.
  - Custom: Rules you created using Taegis custom detection rules.
  - Advanced Detections: Taegis proprietary advanced detection rules. For more information, see Detector Overview.
  - Tactic Graphs: Taegis proprietary Tactic Graphs.
- CVE: Expand the CVE filter to see a list of CVE IDs. Search for a CVE using the search field in the filter and then select a CVE to filter the detectors list.
- MITRE ATT&CK: Expand the MITRE ATT&CK filter to see the full and current MITRE Enterprise Matrix detector coverage. Search for tactics and techniques using the search field in the filter and then select one or more to filter the detectors list.
  Tip
  This filter can help you see areas to expand coverage using custom rules. Use the corresponding Techniques column in the table to view coverage to the sub-technique level.
- Severity: Expand the Severity filter and select one or more severities to filter the detectors list.

Detector Summary
Select a detector from the Browse Detectors and Countermeasures list to view its summary in a new tab.

Detector Details
The Detector Details section displays details about the detector, including when it was last updated and the severity associated with it. If there is an associated Malware Family, it is also displayed.
MITRE Categories
The MITRE Categories section displays all MITRE tactics and techniques associated with the detector. Select a technique to open the MITRE website with details on that technique.
Detection Logic Explanation
The Detection Logic Explanation section breaks down how the detection is triggered and the events or conditions that must be present before it triggers.
Malware Family
Select the Malware Family name in the Detector Details section when available. This opens a side panel with details of the Malware Family and any associated Threat Groups and Threat Reports.
