{
"name": "rsigma rule visibility",
"versions": {
"attack": "16",
"navigator": "5.0.0",
"layer": "4.5"
},
"domain": "enterprise-attack",
"description": "Telemetry visibility generated by rsigma; score = DeTT&CT visibility level 0-4 per technique (2 techniques).",
"sorting": 3,
"hideDisabled": false,
"gradient": {
"colors": [
"#ff6666",
"#ffe766",
"#8ec843"
],
"minValue": 0,
"maxValue": 4
},
"techniques": [
{
"techniqueID": "T1059",
"score": 4,
"comment": "excellent visibility via Process",
"enabled": true
},
{
"techniqueID": "T1112",
"score": 0,
"comment": "none visibility via Windows Registry",
"enabled": true
}
]
}