This matrix maps your deception coverage against the MITRE ATT&CK framework — the industry standard catalog of adversary tactics and techniques. Each row is an ATT&CK tactic (what the attacker is trying to do), containing techniques (how they do it).
The color of each technique shows your coverage status:
Active Detections (green) — A real adversary has triggered this technique against your honeypots. You have confirmed detection capability.
Decoy Deployed (yellow) — A deception asset covers this technique but no adversary has triggered it yet. Coverage is in place, awaiting activity.
Coverage Available (purple) — A decoy template exists for this technique but hasn't been deployed. You can add coverage with one click.
Coverage Gap (gray) — No deception coverage exists for this technique. Consider whether this is a risk for your environment.