Defense: Executive Risk And Coverage Report
Draft
Level: Complex Platform Workflows
Goal: Produce an executive report showing threat relevance and coverage posture.
Real-Life Scenario
A CISO asks for a non-technical view of which relevant threats are covered, which MITRE areas are weak, and what investments should come next.
When To Use This
Use this workflow when you need an end-to-end platform workflow across multiple AdversaryGraph modules and want the output to remain traceable to evidence.
Steps
- Select sector and environment context.
- Generate relevant actor and TTP view.
- Import current detection coverage layer.
- Compare threat-relevant TTPs to coverage.
- Identify top uncovered tactics and techniques.
- Summarize actor relevance without unsupported attribution.
- Add IOC and enrichment examples only when useful.
- Create visuals: matrix layer, coverage gap, actor list.
- Export PDF with assumptions, confidence, and next actions.
- Translate technical gaps into roadmap priorities.
Expected Result
Executive-ready risk and MITRE coverage report with clear next actions.
Review Notes
- Keep source labels and evidence attached to every accepted result.
- Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
- Export only reviewed findings for customer, SOC, detection engineering, or executive use.
Platform Areas Used
- Operations / Pipeline
- AI Analysis
- ATT&CK Group Library
- IOC Library
- VirusTotal / OTX / ThreatFox / Malpedia enrichment where configured
- Reference Sync
- Navigator matrix
- PDF, JSON, CSV, STIX, and Navigator exports as needed