New Detection Rules and MITRE ATT&CK Coverage

Good morning community!

With the implementation of the new Detection Rules section of IDR, I would love to hear your feedback about how the correlation of IDR’s Attacker Behavior Analytics and the MITRE ATT&CK Coverage is helpful for you! Also… oh yeah, there is an also: where else in the IDR platform would you find value with similar correlation and information? All thoughts are welcome, and if you can provide examples of how this is helpful to you and your team, that would be outstanding.

Do I understand this correctly, that IDR does not detect…

  1. Scanning IP Blocks - T1595.001
  2. Vulnerability Scanning - T1595.002

I have NTA. Does NTA not detect this either? Any plans to detect this?