Skip to content

Improve detection telemetry readiness gates#1418

Open
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/detection-telemetry-health-1417
Open

Improve detection telemetry readiness gates#1418
MAUROCERON wants to merge 1 commit into
UnitOneAI:mainfrom
MAUROCERON:improve/detection-telemetry-health-1417

Conversation

@MAUROCERON
Copy link
Copy Markdown

@MAUROCERON MAUROCERON commented Jun 6, 2026

Implements #1417.

Summary

  • Adds a telemetry readiness and rule-health evidence gate before counting detection coverage as operational.
  • Adds an output matrix tying ATT&CK data components, Sigma logsource, backend target, collector health, parser fields, rule status, suppressions, retention, and coverage decision.
  • Adds edge-case fixtures for stale log sources, parser drift, disabled/failing analytics rules, overbroad suppressions, insufficient retention, and complete healthy telemetry paths.

Validation

  • Checked Markdown fence balance for the updated skill and new fixture.
  • Verified required markers: Telemetry and rule-health evidence gate, Collector/connector health, Parser and field mapping, Rule deployment health, Suppression and exception scope, Not Evaluable.
  • Verified MITRE ATT&CK, Sigma, and Microsoft Sentinel reference URLs return HTTP 200.

Payment details can be provided privately after maintainer acceptance.

@MAUROCERON MAUROCERON mentioned this pull request Jun 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MAUROCERON