Detection Use Case Management

MaGMa Framework

Organize your detection capabilities from business objectives to implementation. Connect ATT&CK threats to D3FEND defenses with actionable detection rules.

Framework Overview

L1 Business: 10
L2 Threats: 22
L3 Rules: 25
Free Access: 8

The Three-Layer Hierarchy

L1 - Business

Business objectives and risk-based use cases that drive detection priorities. Aligned with compliance frameworks.

L2 - Threat

Threat-level use cases mapped to ATT&CK techniques and D3FEND countermeasures. This layer bridges business objectives and technical implementation.

L3 - Implementation

Concrete detection rules (Sigma, KQL, SPL) with data sources, test cases, and false positive guidance.

Use Case Library

How MaGMa Integrates with Purple Team

ATT&CK Mapping

Every L2 use case maps to specific ATT&CK techniques, connecting your detections to adversary behaviors.

D3FEND Mapping

Each use case connects to D3FEND defensive techniques, showing how your detections support defense-in-depth.

Purple Team Coverage

Use the Purple Team Matrix to see how your MaGMa use cases contribute to overall detection coverage.

Compliance Tracking

L1 use cases link to compliance frameworks (PCI-DSS, HIPAA, SOX), helping demonstrate regulatory coverage.

Filter by framework in the hierarchy above

Learn MaGMa in Depth

Module 5 of our Purple Team Detection Engineering course covers the complete MaGMa workflow: from creating business use cases to implementing and validating detection rules.

L1 Business Use Cases
L2 Threat Mapping
L3 Rule Implementation
AI-Powered Generation

Unlock All Detection Rules

Premium members get full access to all 25 detection rules, compliance mapping exports, AI-powered rule generation, and integration with your SIEM.