Posture Management

Posture Management gives detection engineers and SOC leads a workspace-wide view of detection coverage. It answers three questions:

  1. Where is the coverage strong? What detection content is in place and healthy.
  2. Where are the gaps? Where coverage is missing, in particular against the MITRE ATT&CK framework.
  3. What to work on next? Actionable opportunities to close gaps.

Posture Management aggregates data from all Security Assets and Use Cases in the workspace.

Views

Posture Management is organized into the following views, each accessible from the workspace navigation:

  • Security Posture: an executive-level summary of workspace detection coverage and health.
  • MITRE ATT&CK: coverage of Security Assets and Use Cases against the MITRE ATT&CK tactics and techniques.
  • Detection Opportunities: a prioritized list of gaps and recommended actions.