Close this search box.


XDR Kill Chain™

See everything, detect everything

The XDR Kill Chain is a fully compatible MITRE ATT&CK framework kill chain that is designed to characterize every aspect of modern attacks while remaining intuitive to understand. All Stellar Cyber Alert Types are aligned to the XDR Kill Chain out of the box, so you can start detecting full attack progressions, immediately.
XDR Kill Chain Design
Older kill chains like the Lockheed Martin Cyber Kill Chain are outdated, but newer frameworks like MITRE ATT&CK, while powerful, do not fully characterize attacks in a way that an XDR platform requires. The XDR Kill Chain solves these problems and is purpose-built for XDR.

XDR Malware

Covers all malware-related detections

XDR Intel

Covers all threat intelligence-related detections

XDR User Behavior Analytics (UBA)

Covers user anomaly detections

XDR Network Behavior Analytics (NBA)

Covers network anomaly detections

XDR Endpoint Behavior Analytics (EBA)

Covers all host-based anomaly detections

XDR Sensor Behavior Analytics (SBA)

Covers injection anomaly detections on the operational side
Next Gen SIEM

Key Features

Stellar Cyber has a number of features that collect data, take
response through source tools and send data to other systems.

Map Your Own Alert Types

User defined Automated Threat Hunting alerts can be mapped onto the XDR Kill Chain so that organization specific alerts can live alongside out-of-the-box Stellar Cyber alerts.

SIEM alternatives


Stages, Tactics and Techniques are often not enough to make the most productive use of a kill chain. The XDR Kill Chain comes with robust tagging functionality built in so analysts can further organize alerts for prioritization.

Open XDR security services

Intuitive To Understand

Five top-level stages wrap dozens of MITRE ATT&CK’s tactics and hundreds of detailed techniques so security analysts can better mentally position alerts in the broader context of risk and attacks.

cloud detection and response

Delineates External vs. Internal Alerts

Alerts that represent activity via external actors vs. internal actors significantly affect prioritization. The XDR Kill Chain tags alerts accordingly to make it easy to understand context and generate Incidents more effectively.