Coverage Analyzer

Coverage Analyzer is a Stellar Cyber–developed application that provides a clear view of detection health across your environment. The application shows which tactics and techniques are currently covered and where gaps exist, using the MITRE ATT&CK framework as a baseline. This coverage comes from the combined detections of the Stellar Cyber Platform and the third-party products integrated with it.

Purpose and Value

The Stellar Cyber Coverage Analyzer reviews all detections that are currently active across your connected data sources. It then organizes and displays this information visually so you can see what is covered, what is missing, and how these results align with the MITRE ATT&CK framework. This makes it possible to understand the true scope of your defenses without having to piece together details manually.

Coverage Analyzer enables you to do the following:

  • Map detection coverage to the MITRE ATT&CK framework and quickly identify strengths and weaknesses in your security posture.

  • Highlight uncovered areas that require additional data sources or configuration changes. This knowledge lets you prepare in advance rather than discovering gaps during an incident.

  • Communicate detection gaps to security leadership, operational teams, or customers. This provides a fact-based way to explain risk and propose improvements.

  • Assess the impact of new data sources by estimating how much additional coverage a connector would add, supporting cost–benefit analysis before deployment.

  • Gain visibility into detections and playbooks already in use, including custom detections, so that you can measure completeness and prioritize where to focus efforts.

Coverage Analyzer benefits every type of user, whether you manage security operations, provide services to others, or perform day-to-day analysis. It allows all stakeholders to see the current state of detection coverage and to make informed decisions on how to strengthen it.
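The coverage and connector-impact ideas listed above can be illustrated with a short script. This is an added example, not Stellar Cyber code and not the algorithm Coverage Analyzer uses. The technique IDs are real ATT&CK identifiers, but the technique subset, the detection names, and the data-source names (`idp_logs`, `edr`, `email_gateway`, `firewall`) are constructed assumptions.

```python
from collections import defaultdict

# Constructed slice of the ATT&CK Enterprise matrix: technique ID -> tactics.
TECHNIQUES = {
    "T1566": ["initial-access"],
    "T1078": ["initial-access", "persistence", "privilege-escalation", "defense-evasion"],
    "T1059": ["execution"],
    "T1110": ["credential-access"],
    "T1003": ["credential-access"],
    "T1021": ["lateral-movement"],
    "T1071": ["command-and-control"],
    "T1041": ["exfiltration"],
}

# Constructed detections: (name, data source it depends on, techniques it detects).
DETECTIONS = [
    ("Login brute force", "idp_logs", ["T1110", "T1078"]),
    ("Suspicious script execution", "edr", ["T1059"]),
    ("LSASS memory access", "edr", ["T1003"]),
    ("Phishing URL click", "email_gateway", ["T1566"]),
    ("Beaconing over HTTP", "firewall", ["T1071", "T1041"]),
]

def covered_techniques(sources):
    """Techniques with at least one detection whose data source is connected."""
    return {t for _, src, techs in DETECTIONS if src in sources
            for t in techs if t in TECHNIQUES}

def coverage_by_tactic(sources):
    """Map tactic -> (covered count, total count, sorted uncovered technique IDs)."""
    covered = covered_techniques(sources)
    by_tactic = defaultdict(list)
    for tech, tactics in TECHNIQUES.items():
        for tactic in tactics:
            by_tactic[tactic].append(tech)
    return {tac: (sum(t in covered for t in techs), len(techs),
                  sorted(t for t in techs if t not in covered))
            for tac, techs in by_tactic.items()}

def connector_gain(sources, candidate):
    """Techniques that become covered only if `candidate` is connected."""
    return sorted(covered_techniques(sources | {candidate}) - covered_techniques(sources))

if __name__ == "__main__":
    connected = {"idp_logs", "firewall"}
    for tactic, (hit, total, gaps) in sorted(coverage_by_tactic(connected).items()):
        print(f"{tactic:22} {hit}/{total}  gaps: {', '.join(gaps) or '-'}")
    for cand in ("edr", "email_gateway"):
        print(f"adding {cand}: +{connector_gain(connected, cand)}")
```

In this constructed data set, T1021 stays uncovered no matter which source is connected, which is the kind of gap that calls for a new detection rather than a new connector.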

Access Coverage Analyzer

You can access the web-hosted application from Detections | Coverage Analyzer in the Stellar Cyber UI. This opens the following URL in a new browser tab or window:

https://coverage-analyzer.stellarcyber.cloud/

Screen capture with a partial view of the Coverage Analyzer application

To see the Coverage Analyzer link in the UI, the role-based access control (RBAC) settings of your user account must provide access to Alerts.

Configure Coverage Analyzer

Setting up Coverage Analyzer is fairly quick. Follow these steps:

  1. After accessing the application webpage, select + (Plus icon) in the Select Server panel.

    The Add New Configuration panel appears.

    Screen capture of the "Add New Configuration" panel in the Coverage Analyzer application

  2. In the Stellar Cyber Host field, add the URL of your Stellar Cyber instance without https:// (for example: acmecorp.stellarcyber.cloud).

  3. Add a user that Coverage Analyzer will use to access your Stellar Cyber instance.

    The user account must have root scope and super_admin privileges.

  4. Configure the API token.

    Coverage Analyzer supports legacy API tokens rather than the scoped API keys introduced in 5.5.0. To configure a legacy token:

    1. Log in to Stellar Cyber as a root-level user with super_admin privileges, navigate to the Users page, and edit the user account you entered in the previous step.

    2. Find the API Access setting on the Settings tab, and select Generate New Token.

    3. Copy the generated token and paste it in the API Token field of the Add New Configuration panel.

  5. Choose the Stellar Cyber Platform version from the drop-down list.

    All versions in the list from 4.3.0 and later are supported. Because every Stellar Cyber version has different detections, the Version you choose defines which detections the application uses.

  6. Test the setup to validate connectivity and authentication.

For more information, see Recorded Live: Maximizing MITRE and ATT&CK Visibility with Stellar Cyber's Coverage Analyzer.