Test classification

How to map a VST to any classification system

Verified Security Tests can be mapped to classification systems, such as MITRE ATT&CK, CVE or NIST controls. Mapping tests provides a natural grouping so you can analyze results through a lens you're familiar with.

Prelude-authored VSTs are written against rules and are mapped automatically. Each rule represents a statement about the surface area of an endpoint.

To view current mappings, run the prelude detect tests command from the CLI. Below is a snippet from the results:


[Figure: Test mappings displayed alongside the name]

For tests you author, you can map them to additional classification systems.

Mapping a test

To map a test, use the map command in the CLI. The following command maps a test identifier to MITRE ATT&CK sub-technique T1015.001:

prelude build map <TEST_ID> T1015.001

Unmapping a test

You can remove a mapping through the unmap command:

prelude build unmap <TEST_ID> T1015.001