Dashboard v0.1

ASD Essential Eight — Detection Coverage Overview

GitHub Browse all rules
v0.1 — baseline coverage. All 8 controls have at least one rule. Controls with 1 rule are marked for expansion in v0.2. See roadmap →
12
Detection Rules
8
E8 Controls Covered
8
High / Critical Rules
8/8
Coverage
Coverage by Control
E8-01
Application Control
2
rules
ML1 ML2 high
E8-02
Patch Applications
1
rule
ML1 high
E8-03
Configure Microsoft Office Macro Settings
2
rules
ML1 high
E8-04
User Application Hardening
2
rules
ML1 high
E8-05
Restrict Administrative Privileges
2
rules
ML1 ML2 high
E8-06
Patch Operating Systems
1
rule
ML2 medium
E8-07
Multi-Factor Authentication
1
rule
ML2 high
E8-08
Regular Backups
1
rule
ML1 critical
Rules
View all →
Control ML Level Title Log Source
E8-01 ML2 high LOLBAS Proxy Execution Bypassing Application Control (E8-01) windows / process_creation
E8-01 ML1 medium Executable Launched from User-Writable Path (E8-01 Application Control Bypass) windows / process_creation
E8-02 ML1 high Browser Spawns Shell Process - Possible Unpatched App Exploitation (E8-02) windows / process_creation
E8-03 ML1 high Microsoft Office Application Spawns Shell or Script Process (E8-03) windows / process_creation
E8-03 ML1 high Microsoft Office Writes Executable or Script to Disk (E8-03) windows / file_event