Red Canary now uses MITRE's ATT&CK framework as our common language for the adversary tactics and techniques your organization faces. You can learn more about this transformation in these posts:

All 800+ Red Canary detectors have been mapped to the ATT&CK techniques they hunt for and identify. This allows us to show the detectors, techniques, and tactics in play for each detection.

This launch unlocks several new views in your Red Canary portal.

Detection Updates

The Endpoint and Endpoint User involved in a detection are now reported at the top of your detection. If the detection affects your CEO's laptop or a domain controller, that information, together with the threat classification, is what matters most.

Observed Tactics

The tactics involved with each detection are listed alongside the associated techniques and Red Canary detectors.

ATT&CK Matrix

Clicking View in ATT&CK Matrix displays a full ATT&CK matrix with the detection's techniques highlighted. This view can be helpful to screenshot and compare with others using ATT&CK matrices.

Contributing Intelligence

Though the large majority of our detections are due to purely behavioral detectors, we felt it was important to clearly show what types of intelligence were used in each detection. The Contributing Intelligence section now displays this information.

Detector Categories

The detector categories displayed in the "What our engine observed" section now exist in a collapsed panel and will be decommissioned in the coming weeks.


Reporting Updates

The Detections by Observed Tactic report replaces the soon-to-be-decommissioned Detection report and displays the number of potentially threatening events and confirmed detections identified by Observed Tactic. Expanding any row shows the detections involving that tactic.
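The detector-to-technique-to-tactic mapping described at the top of this page, and the Detections by Observed Tactic rollup described just above, are easy to misunderstand in one respect: a single detection can fire several detectors, each detector can map to several ATT&CK techniques, and a technique such as Scheduled Task/Job sits under more than one tactic, so one detection can legitimately appear in several report rows. The following is an added illustration (not Red Canary's code, and not their actual detector set) that works through that chain on a constructed sample: the detector names, the detection records and the four-technique mapping table are all made up for the example, although the technique IDs and tactic names used are real ATT&CK values.

```python
from collections import defaultdict

# Constructed technique -> (name, tactics) table. The IDs and tactic names are
# real ATT&CK values; the table is a tiny hand-picked subset, not a full matrix.
TECHNIQUE_TACTICS = {
    "T1059": ("Command and Scripting Interpreter", {"Execution"}),
    "T1053": ("Scheduled Task/Job", {"Execution", "Persistence", "Privilege Escalation"}),
    "T1003": ("OS Credential Dumping", {"Credential Access"}),
    "T1105": ("Ingress Tool Transfer", {"Command and Control"}),
}

# Constructed detector -> techniques mapping. Detector names are hypothetical.
DETECTOR_TECHNIQUES = {
    "suspicious_powershell_encoded_command": {"T1059"},
    "schtasks_persistence_from_office": {"T1053", "T1059"},
    "lsass_memory_access": {"T1003"},
    "certutil_download": {"T1105"},
}

# Constructed detection records: which detectors fired, and whether an analyst
# confirmed the detection or it remains a potentially threatening event.
SAMPLE_DETECTIONS = [
    {"id": "DET-1", "confirmed": True, "endpoint": "ceo-laptop",
     "detectors": ["suspicious_powershell_encoded_command", "schtasks_persistence_from_office"]},
    {"id": "DET-2", "confirmed": False, "endpoint": "dc01",
     "detectors": ["lsass_memory_access"]},
    {"id": "DET-3", "confirmed": True, "endpoint": "ws-42",
     "detectors": ["certutil_download", "suspicious_powershell_encoded_command"]},
]


def observed_tactics(detectors):
    """Resolve the detectors that fired in one detection to (techniques, tactics).

    An unknown detector raises KeyError on purpose: an unmapped detector would
    otherwise silently vanish from every tactic-based report.
    """
    techniques = set()
    for name in detectors:
        techniques |= DETECTOR_TECHNIQUES[name]
    tactics = set()
    for tid in techniques:
        tactics |= TECHNIQUE_TACTICS[tid][1]
    return sorted(techniques), sorted(tactics)


def detections_by_observed_tactic(detections):
    """Build the per-tactic rollup: every detection counts as an event in each
    tactic it touches, and additionally as confirmed when an analyst confirmed it."""
    report = defaultdict(lambda: {"events": 0, "confirmed": 0, "detections": []})
    for det in detections:
        _, tactics = observed_tactics(det["detectors"])
        for tactic in tactics:
            row = report[tactic]
            row["events"] += 1
            if det["confirmed"]:
                row["confirmed"] += 1
            row["detections"].append(det["id"])
    return dict(report)


def matrix_view(detectors):
    """Per-tactic columns of the known techniques, flagging the ones a detection
    highlights (the data behind a 'View in ATT&CK Matrix' style display)."""
    techniques, _ = observed_tactics(detectors)
    columns = defaultdict(list)
    for tid, (name, tactics) in TECHNIQUE_TACTICS.items():
        for tactic in tactics:
            columns[tactic].append((tid, name, tid in techniques))
    return {tactic: sorted(cells) for tactic, cells in columns.items()}


if __name__ == "__main__":
    for tactic, row in sorted(detections_by_observed_tactic(SAMPLE_DETECTIONS).items()):
        print(f"{tactic:22} events={row['events']} confirmed={row['confirmed']} "
              f"detections={row['detections']}")
    for tactic, cells in sorted(matrix_view(SAMPLE_DETECTIONS[0]["detectors"]).items()):
        marked = [f"{tid}{'*' if hit else ''}" for tid, _, hit in cells]
        print(f"{tactic:22} {' '.join(marked)}")
```

Running the script prints DET-1 under Execution, Persistence and Privilege Escalation at once (because of T1053), while DET-2 appears as one event with zero confirmed detections under Credential Access. That row-level multiplicity is the thing to keep in mind when reading tactic totals: summing the rows does not give the number of detections.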
