28/35 technique coverage — with evidence.
The MITRE ATT&CK Enterprise techniques ShamashAi detects, in one matrix. Green = native (parser + risk + correlation chain). Yellow = raw log captured + alert rule preset shipped. Blue = roadmap. Blank = out of scope.
New: every ATT&CK technique chip is clickable inside the product — events list, event detail and the alert-rule form show the relevant technique chips for the selected match_event_type and link out to attack.mitre.org.
Native
The full chain — parser → canonical event → risk multiplier → correlation — is in place. Detection is deterministic; the "Why this score" list is auditable.
Partial
Raw syslog is captured and a matching alert-rule preset is shipped. The preset is silent by default; the customer enables it to turn on detection.
Roadmap
On the v1.5 / v2.0 roadmap. Customers who specifically need it can get early access under the pilot SOW.
For a tailored ATT&CK coverage report
Under the pilot SOW we produce a customer-specific ATT&CK mapping — which technique is satisfied by which event_type / alert rule / runbook, with the evidence embedded in the evidence pack.
