Phoenix
Sigma Intelligence (Beta)

Coverage

Intelligence metrics across 3,707 Sigma rules in the library.

Total Rules: 3,707
Detection: 3,116
Emerging Threats: 451
Threat Hunting: 137

Top Products
windows: 2,824
linux: 241
azure: 130
macos: 75
aws: 55
opencanary: 24
zeek: 24
gcp: 23
okta: 23
m365: 20
rpc_firewall: 17
cisco: 16
github: 15
kubernetes: 15
bitbucket: 14

Top Log Categories
process_creation: 1,607
file_event: 239
registry_set: 224
ps_script: 178
image_load: 122
webserver: 82
network_connection: 66
application: 64
proxy: 55
registry_event: 41
ps_module: 34
process_access: 29
dns_query: 27
pipe_created: 19
create_remote_thread: 15

By Severity Level
critical: 171
high: 1,701
medium: 1,473
low: 334
informational: 28

By Status
stable: 104
test: 3,332
experimental: 271
deprecated: 0
unsupported: 0

By Rule Type
detection: 3,116
emerging threat: 451
threat hunting: 137
compliance: 3

Top Techniques
T1059.001: 217
T1218: 152
T1190: 146
T1562.001: 127
T1059: 95
T1112: 94
T1027: 94
T1574.001: 91
T1105: 86
T1003.001: 78
T1548.002: 56
T1078: 54
T1053.005: 51
T1047: 50
T1543.003: 47
T1059.003: 45
T1569.002: 43
T1218.011: 43
T1071.001: 41
T1036: 40

MITRE ATT&CK Tactic Coverage
TA0005 Defense Evasion: 1583
TA0002 Execution: 889
TA0003 Persistence: 846
TA0004 Privilege Escalation: 748
TA0006 Credential Access: 377
TA0001 Initial Access: 340
TA0011 Command and Control: 305
TA0007 Discovery: 259
TA0040 Impact: 163
TA0008 Lateral Movement: 162
TA0009 Collection: 124
TA0010 Exfiltration: 90
TA0042 Resource Development: 39
TA0043 Reconnaissance: 26

Field Explorer

Explore top detection fields, modifier patterns, and most-targeted values per logsource - great for logging coverage and SIEM field mapping.

Sigma Rule Intelligence Platform. Powered by the SigmaHQ open source community.

Phoenix is community software. Sigma rules are subject to their respective licenses.