docs/report_navigator.json

{
  "version": "4.5",
  "name": "Sentinel Analytics Coverage",
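  "description": "Converted from Microsoft Sentinel analytic rules. Each comment names the source rule, and each score encodes that rule's severity (100 = High, 30 = Low, 10 = Informational). One rule can be mapped to several techniques and sub-techniques, so a coloured cell shows only that a rule is mapped to the technique, not that detection of it has been tested.",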
  "domain": "enterprise-attack",
  "techniques": [
    {
      "techniqueID": "T1059",
      "score": 100,
      "comment": "Curl downloading a script file (Execution, High severity)"
    },
    {
      "techniqueID": "T1059.001",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1059.003",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1059.004",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1059.005",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1059.006",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1059.007",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1204",
      "score": 100,
      "comment": "Curl downloading a script file"
    },
    {
      "techniqueID": "T1204.002",
      "score": 100,
      "comment": "Curl downloading a script file"
    },

    {
      "techniqueID": "T1082",
      "score": 30,
      "comment": "Multiple network discovery commands (Low severity)"
    },
    {
      "techniqueID": "T1016",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },
    {
      "techniqueID": "T1049",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },
    {
      "techniqueID": "T1018",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },
    {
      "techniqueID": "T1069",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },
    {
      "techniqueID": "T1069.001",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },
    {
      "techniqueID": "T1033",
      "score": 30,
      "comment": "Multiple network discovery commands"
    },

    {
      "techniqueID": "T1219",
      "score": 10,
      "comment": "Suspicious Remote Access Tool activity (Informational)"
    }
  ],
  "gradient": {
    "colors": ["#ffffff", "#ff6666"],
    "minValue": 0,
    "maxValue": 100
  },
  "legendItems": [
    {
      "label": "High severity detection",
      "color": "#ff0000"
    },
    {
      "label": "Low severity detection",
      "color": "#ff9999"
    },
    {
      "label": "Informational detection",
      "color": "#ffe6e6"
    }
  ]
}