Phoenix
Sigma IntelligenceBeta
Analytics

Coverage

Intelligence metrics across 3,731 Sigma rules in the library.

3,731
Total Rules
3,132
Detection
457
Emerging Threats
139
Threat Hunting
Top Products
windows
2,839
linux
243
azure
131
macos
75
aws
55
gcp
26
opencanary
24
zeek
24
okta
23
m365
21
rpc_firewall
17
cisco
17
kubernetes
16
github
15
bitbucket
14
Top Log Categories
process_creation
1,619
file_event
241
registry_set
224
ps_script
178
image_load
123
webserver
82
network_connection
66
application
64
proxy
55
registry_event
41
ps_module
34
process_access
29
dns_query
27
pipe_created
20
create_remote_thread
15
By Severity Level
critical
174
high
1,709
medium
1,483
low
337
informational
28
By Status
stable
104
test
3,333
experimental
294
deprecated
0
unsupported
0
By Rule Type
detection3,132
emerging threat457
threat hunting139
compliance3
Top Techniques
T1059.001
219
T1218
153
T1190
146
T1562.001
131
T1112
94
T1027
94
T1059
93
T1574.001
92
T1105
87
T1003.001
79
T1548.002
56
T1078
55
T1047
51
T1053.005
51
T1543.003
47
T1059.003
45
T1569.002
43
T1218.011
43
T1071.001
41
T1078.004
40
MITRE ATT&CK Tactic CoverageFull Matrix →
TA00051599
Defense Evasion
TA0002894
Execution
TA0003851
Persistence
TA0004755
Privilege Escalation
TA0006383
Credential Access
TA0001343
Initial Access
TA0011306
Command and Control
TA0007262
Discovery
TA0040166
Impact
TA0008164
Lateral Movement
TA0009126
Collection
TA001090
Exfiltration
TA004239
Resource Development
TA004326
Reconnaissance

Field Explorer

Explore top detection fields, modifier patterns, and most-targeted values per logsource - great for logging coverage and SIEM field mapping.