marcredhat-siem-toolkit-patched

mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-10 21:31:19 +00:00

Files

T

marc f82115143c Health Score: cap MITRE Coverage at 100% by canonicalising tactics

STAR rules sometimes label tactics with non-canonical names (e.g. 'Stealth',
'Defense Impairment') which were counted as distinct tactics on top of the
14 canonical ATT&CK Enterprise ones, producing percentages > 100%
(observed 15/14 = 107.1% on Purple AI tenant).

Fix in get_health_score():
  - Restrict covered_tactics to the 14 canonical ATT&CK Enterprise tactics.
  - Map known STAR aliases ('Stealth', 'Defense Impairment') -> 'Defense Evasion'.
  - Derive TOTAL_TACTICS from the canonical set (single source of truth).

Result: tactics_covered = 14, mitre_pct = 100.0 (was 15 / 107.1).

2026-05-22 19:41:48 +02:00

routers

Health Score: cap MITRE Coverage at 100% by canonicalising tactics

2026-05-22 19:41:48 +02:00

services

Cherry-pick improvements from PR #2 (marcredhat)

2026-05-22 10:11:42 -04:00

db.py

Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker

2026-05-22 11:09:43 -04:00

Dockerfile

Initial commit: SIEM Toolkit for SentinelOne

2026-05-19 11:39:26 -04:00

main.py

Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker

2026-05-22 11:09:43 -04:00

requirements.txt

Initial commit: SIEM Toolkit for SentinelOne

2026-05-19 11:39:26 -04:00