Detection Browser

Taegis Detection Browser allows you to browse the full list of Taegis detectors and countermeasures and provides details of each, including the detection logic explanation and associated MITRE tactics and techniques.

Note

Currently, Detection Browser only shows event filter watchlist rules, but a future release will expand the list to include YARA rules and advanced detectors.

Access Detection Browser

To access Detection Browser:

  1. Ensure you are opted in to Preview mode.
  2. Select Detection Browser from the Taegis Menu.

Browse Detectors and Countermeasures

The Browse Detectors and Countermeasures panel displays a list of all detectors, each with a summarized description, the detector type, the severity rating associated with the detector, and when it was last updated.

Filter Detection Browser

Use the collapsible filter menu at the left of the table to narrow down the list of matching detectors by the following criteria:

  • CVE — Expand the CVE filter to see a list of CVE IDs. Search for a CVE using the search field in the filter and then select a CVE to filter the detectors list.
  • MITRE Technique — Expand the MITRE Technique filter to see a list of techniques. Search for a technique using the search field in the filter and then select one or more techniques to filter the detectors list.
  • Severity — Expand the Severity filter and select one or more severities to filter the detectors list.

Detector Summary

Select a detector from the Browse Detectors and Countermeasures list to view its summary in a new tab.

Detector Details

The Detector Details section displays details about the detector, including when it was last updated and the severity associated with it. If the detector has an associated Malware Family, that is also displayed.

MITRE Categories

The MITRE Categories section displays all MITRE tactics and techniques associated with the detector. Select a technique to open the MITRE website with details on that technique.

Detection Logic Explanation

The Detection Logic Explanation section breaks down how the detection is triggered and the events or conditions that must be present before it triggers.

Malware Family

When a Malware Family name is shown in the Detector Details section, select it to open a side panel with details of the Malware Family and any associated Threat Groups and Threat Reports.