Detector Explorer
Taegis Detector Explorer lets you browse the full list of Taegis detectors and countermeasures and provides details of each, including the detection logic explanation and associated MITRE tactics and techniques.
Note
Currently, Detector Explorer only shows event filter watchlist rules, but a future release will expand the list to include YARA rules and advanced detectors.
Access Detector Explorer
To access Detector Explorer, ensure you are opted in to Preview mode, select Detections from the Taegis Menu and choose Detector Explorer.

The Explore Detectors and Countermeasures panel lists all detectors, showing for each a summarized description, the detector type, the severity rating associated with the detector, and when it was last updated.
Filter Detector Explorer
Use the collapsible filter menu at the left of the table to narrow down the list of matching detectors by the following criteria:
- CVE – Expand the CVE filter to see a list of CVE IDs. Search for a CVE using the search field in the filter and then select a CVE to filter the detectors list.
- MITRE Technique – Expand the MITRE Technique filter to see a list of techniques. Search for a technique using the search field in the filter and then select one or more techniques to filter the detectors list.
- Severity – Expand the Severity filter and select one or more severities to filter the detectors list.

Detector Summary
Select a detector from the Browse Detectors and Countermeasures list to view its summary in a new tab.

Detector Details
The Detector Details section displays details about the detector, including when it was last updated and the severity associated with it. If there is an associated Malware Family, it is also displayed.
MITRE Categories
The MITRE Categories section displays all MITRE tactics and techniques associated with the detector. Select the technique to open the MITRE website with details on the specified technique.
Detection Logic Explanation
The Detection Logic Explanation section breaks down how the detection is triggered and the events or conditions that are prerequisite to it being triggered.
Malware Family
Select the Malware Family name in the Detector Details section when available. This opens a side panel with details of the Malware Family and any associated Threat Groups and Threat Reports.
