Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

MITRE Heat Map Calculations

The colors in the MITRE heat maps are calculated based on the number of rule mappings to a tactic or technique plus the level of mapping confidence (low, medium, or high).

The more rules that map to the technique, the darker the hue of color. Only enabled rules are included in the calculation; disabled mappings do not contribute to the colors in the heat map. Building blocks do not directly contribute to the colors either; they contribute to the coloring only through the rules that reference them. For example, if the report lists building blocks only and Rules in the report is set to On in the coverage heat map, the map doesn't show any coloring because there are no rules in the report.

After QRadar Use Case Manager calculates the numbers for all the techniques and tactics, the maximum number that is associated with a technique and the maximum number that is associated with a tactic are determined:

  • All techniques or tactics whose number is ≥ 66% of the maximum technique number are mapped to the darkest color.

  • All techniques or tactics whose number is ≥ 33% and < 66% of the maximum technique number are mapped to the mid-range color.

  • All techniques or tactics whose number is > 0 and < 33% of the maximum technique number are mapped to the lightest color.