Event category and field distribution over ATT&CK techniques

Analysis of Elastic detection-rules, showing event types and field distribution per technique.

The full results are represented in the file below (fields_by_technique.json).

The structure is:

    "library": {                                     # event.category (generic if event.category not defined)
        "fields": {                                  # field distribution for that event.category within that technique
            "dll.code_signature.status": "100.00%",  # field with percentage
            "dll.code_signature.trusted": "1...
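One defensive use of this layout is checking which heavily used fields a log pipeline does not collect. The following is an added example, not part of the original analysis. It assumes the file is keyed by technique ID above the event.category level; the `TXXXX` key and every value except `dll.code_signature.status` are constructed, and `telemetry_gaps` is a hypothetical helper name.

```python
# Constructed sample. Assumed layout: technique id -> event.category -> "fields"
# -> {field name: "NN.NN%"}. Only the category and "fields" levels appear on the page.
SAMPLE = {
    "TXXXX": {  # placeholder technique id
        "library": {"fields": {"dll.code_signature.status": "100.00%",
                               "dll.name": "75.00%",
                               "dll.path": "25.00%"}},
        "process": {"fields": {"process.name": "80.00%",
                               "process.parent.name": "40.00%"}},
    }
}


def parse_pct(text):
    """Turn "75.00%" into 75.0; reject anything that is not a percentage string."""
    if not isinstance(text, str) or not text.endswith("%"):
        raise ValueError(f"not a percentage: {text!r}")
    return float(text[:-1])


def telemetry_gaps(data, technique, collected, min_pct=50.0):
    """Per event.category, list fields whose percentage for the technique is at
    least min_pct and that are missing from the set of collected field names.
    Fields are ordered by descending percentage, then by name."""
    gaps = {}
    for category, body in data.get(technique, {}).items():
        fields = body.get("fields", {})
        missing = sorted(
            (name for name, pct in fields.items()
             if parse_pct(pct) >= min_pct and name not in collected),
            key=lambda name: (-parse_pct(fields[name]), name),
        )
        if missing:
            gaps[category] = missing
    return gaps


if __name__ == "__main__":
    # Fields the (hypothetical) pipeline already ships to the SIEM.
    print(telemetry_gaps(SAMPLE, "TXXXX", {"process.name", "dll.name"}))
```

For the real file, replace `SAMPLE` with the result of `json.load` on fields_by_technique.json and adjust the top-level key handling if its nesting differs from the assumption above.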