Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-10 21:31:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f82115143c646f8ae9977bbadb6b61975afcf705
marcredhat-siem-toolkit-pat…/backend/routers
T
History
marc f82115143c Health Score: cap MITRE Coverage at 100% by canonicalising tactics 
STAR rules sometimes label tactics with non-canonical names (e.g. 'Stealth',
'Defense Impairment') which were counted as distinct tactics on top of the
14 canonical ATT&CK Enterprise ones, producing percentages > 100%
(observed 15/14 = 107.1% on Purple AI tenant).

Fix in get_health_score():
  - Restrict covered_tactics to the 14 canonical ATT&CK Enterprise tactics.
  - Map known STAR aliases ('Stealth', 'Defense Impairment') -> 'Defense Evasion'.
  - Derive TOTAL_TACTICS from the canonical set (single source of truth).

Result: tactics_covered = 14, mitre_pct = 100.0 (was 15 / 107.1).
2026-05-22 19:41:48 +02:00
..
__init__.py
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00
coverage.py
Health Score: cap MITRE Coverage at 100% by canonicalising tactics
2026-05-22 19:41:48 +02:00
ingest.py
Sync upstream features; preserve fork KV scanner, parsers, verifier
2026-05-22 18:19:52 +02:00
quality.py
Parser Test Runner: filter non-parser SDL artefacts from dropdown
2026-05-22 19:36:58 +02:00
query.py
Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker
2026-05-22 11:09:43 -04:00
settings.py
Add unlabelled event detection, stub parser quality, Sync All, and modern UI redesign
2026-05-22 10:00:21 -04:00