Adversary techniques are at the core of understanding how adversaries operate, what Red Canary detects, and how we investigate those events. Red Canary combines public information about these techniques with context specific to your organization, so that it can serve as your primary source of intelligence.
Learning more about an adversary technique
Information about each technique is accessible from the ATT&CK coverage matrix or anywhere else a technique is listed.
To jump to a technique:
- Press ⌘-K or click in the top bar and type a technique name or identifier (for example, T1234).
- Select the desired technique from the list.
- Press Enter.
To explore techniques from the ATT&CK matrix:
- Click Threat Intel & Analytics > Attack Techniques.
- Click the name of the technique you want to view.
The top left contains information from public sources, MITRE ATT&CK®, and Red Canary (if the technique is a Red Canary technique awaiting inclusion in ATT&CK).
The Prevalence section highlights techniques that are frequently used across all of the environments that Red Canary is monitoring. Certain techniques have been a focus of Red Canary’s research and threat intelligence; these techniques will contain additional links in Dive Deeper.
Recent Detections and Recent Events list confirmed threats and potentially threatening events that have been observed using this technique in your environment.
The Red Canary Coverage section lists detection analytics (detectors) that Red Canary uses to identify behavior associated with this technique.