Mobula · MITRE ATT&CK Navigator

Know your
coverage and gaps.

Mobula maps every detection to the MITRE ATT&CK framework in real time. A live heatmap shows where threats are clustering, where you have coverage, and where your blind spots are.

Tactics mapped

193

Techniques tracked

Live

From your alerts

MITRE ATT&CK Navigator

Recon

T1595

Active Scan

T1592

Host Info

T1589

Person Info

Initial Access

T1566

Phishing

T1190

Exploit Pub

T1078

Valid Accts

Execution

T1059

CLI/Script

T1204

User Exec

T1047

WMI

Persistence

T1547

Boot Logon

T1053

Sched Task

T1136

New Account

Priv Esc

T1055

Proc Inject

T1068

Exploit

T1548

Sudo

Defense Eva

T1562

Impair Def

T1070

Indicator Rm

T1036

Masquerade

Cred Access

T1110

Brute Force

T1558

Kerberoast

T1003

OS Cred Dump

Lateral Mov

T1021

Remote Svcs

T1570

Lateral Tool

T1550

Alt Auth

Exfiltration

T1567

Web Service

T1048

Alt Protocol

T1030

Data Split

No alertsLowMediumHighCritical

Click any technique to drill into the alerts

Every colored cell is a live link to the alerts behind it. Click T1566 - Phishing and you get every phishing alert in your environment, filtered and ready to triage.

ATT&CK Navigator / T1566 · Phishing

T1566 · Phishing — 47 alerts in last 30 days

T1566.001Spearphishing Attachment31 alertsHIGH

T1566.002Spearphishing Link12 alertsMED

T1566.003Spearphishing via Service4 alertsLOW

Top techniques by alert volume

The navigator ranks which ATT&CK techniques are generating the most activity in your environment right now - so you know where to focus your detection tuning.

ATT&CK Navigator / Top Techniques - Last 30 Days

Most active techniques in your environment

T1059.001PowerShell142 alertsCRIT

T1566.001Spearphishing Attachment98 alertsHIGH

T1110Brute Force87 alertsHIGH

T1078Valid Accounts64 alertsHIGH

T1562.001Disable or Modify Tools51 alertsMED

T1021.001Remote Desktop Protocol44 alertsMED

Coverage gaps, surfaced automatically

Mobula identifies ATT&CK techniques that have no detection coverage in your environment - so you can prioritize where to add rules before an attacker finds the same gap.

ATT&CK Navigator / Coverage Gaps

Defense EvasionT1027 · Obfuscated Files or InformationNO COVERAGE

CollectionT1056 · Input CaptureNO COVERAGE

Command & ControlT1095 · Non-Application Layer ProtocolNO COVERAGE

PersistenceT1505 · Server Software ComponentNO COVERAGE

Coverage · Gaps · Live data

See your entire threat surface - mapped to ATT&CK.

Stop guessing about coverage. Mobula's MITRE Navigator tells you exactly what you detect, what you miss, and where attackers are active right now.

Mobula MITRE Navigator · updated in real time from live alerts