Detection Coverage
Generated: 2026-05-14T12:28:25Z
Headline numbers
- Curated v1.0 detections: 416 (target: ≥ 300)
- Total rules considered: 1052 (quality floor: 0.55)
- Unique MITRE techniques covered: 118
Coverage by buyer family
| Family | Count | Target | Covered |
|---|---|---|---|
| Ransomware | 48 | ≥ 25 | ✅ |
| Credential Access | 84 | ≥ 25 | ✅ |
| Lateral Movement | 33 | ≥ 25 | ✅ |
| Data Exfiltration | 41 | ≥ 25 | ✅ |
| Cloud | 100 | ≥ 25 | ✅ |
| Identity | 100 | ≥ 25 | ✅ |
| Supply Chain | 36 | ≥ 25 | ✅ |
| Kubernetes / Containers | 73 | ≥ 25 | ✅ |
Distribution
By tier
- imported: 42
- native: 374
By severity
- critical: 99
- high: 208
- low: 6
- medium: 103
By category
- _migrated: 1
- application: 29
- cloud: 164
- data-exfil: 20
- endpoint: 117
- identity: 73
- network: 12
How to audit
The curated rule IDs are listed in `marketplace/curated.json` under each family. Every entry has a `path` field pointing at the on-disk YAML. Run `pnpm marketplace:curate --check` in CI to detect drift; run `python3 scripts/curate_detections.py` locally to regenerate.