# Workspace
The Workspace provides insights into your current detective control coverage. It helps your analyst,
purple team, or detection engineer will spend most of their time learn about,
test, measure, and track all the tactics, techniques, and Procedures associated with your project.
As data populates the Workspace (see Procedure group and Procedure details, below), it updates the
two summary charts in real time. These charts illustrate what coverage you have at
each major visibility level and at each phase of the cyber kill chain. They also allows you to understand
where there might be major breakdowns and prioritize remediation, update tools, and/or update staff.
## Overall Coverage Summary
The Overall Coverage Summary graph shows a breakdown of percentages or a count of your missed vs covered Procedures.
- Select the hamburger menu to print the chart, or download an image file of the
graph (PNG, JPEG, PDF, and SVG options).
- Hover over any bar to put focus on the overall coverage summary by missed or covered procedures.
## Overall Coverage Summary by Tactic
The Overall Coverage Summary by Tactic graph shows your coverage in either percentage or count by tactic.
- In the upper
right-hand corner, you can select different graph views (bar, horizontal bar plot, scatter plot, and radar).
- Select the hamburger menu to view the chart in full screen, print the chart, or download an image or CSV file of
the graph.
- Hover over any bar to put focus on a specific status for all the tactics.
## Procedure group table (lower left quadrant)
The Procedure group table displays procedures grouped by attack flow or MITRE attack tactics.
Here you can:
- Search the Tactics, Techniques, and Procedures (TTP) Coverage table to view and edit existing procedures
- Export/download the procedures in any of the following formats: CSV, JSON, and PDF by selecting the
export  icon
- Select the expand icon to the left of an individual procedure group to expand and display the individual procedures
in the group.
## Procedure details group (lower right quadrant)
Use the following steps to access the Procedure details group.
1. Select any row in the Procedure group table to display details for that procedure in the right lower
quadrant of the page. It encompasses five tabs of organized procedure details: Run, Overview,
Activity Log, and Files.
2. Use the table controls in the top right corner to expand
, contract
, or close
 the group.
The information included in each tab is described below.
### Run tab
The Run tab provides data on a specific tactic (Persistence in the example below) with the specific procedure
referenced below it.
You can mark the procedure as an acceptable risk, check the procedure level status, and view the procedure's data
sources.
!!!
Levels are your visibility into what you can see and to what degree in the BAS plays.
- Is the activity logged?
- Does that log feed into detection? (Indicating there's something unusual happening in your environment but we're
not sure if it's bad or not.)
- Is that detection flowing into an alert that should have someone react to it?
- Is that alert triggering some type of response ticket to the incident response team to trigger a triage action?
- One resolved, are prevention measures put in place to prevent future breaches of this nature?
!!!
#### Editing the Run tab options
You can edit the Run tab to update the accepted risk, detection levels, and data sources.
1. Select the Edit icon in the upper right corner of the Run tab to enter edit mode.
2. Make one or more of the following edits as needed:
- Select or clear the **Accepted Risk** button to indicate a vulnerability can be marked as an "Accepted Risk" and
will no longer appear as a threat in need of remediation.
- Select the button beneath any/all of the Levels options to indicate to what degree you prefer a discovered
vulnerability should be logged, detected, alerted, responded, or prevented.
- Select the **Add Row** bar button in the Data Sources field group to add one or more data source details
- Add a comment in the Comment field to document your editing choices, using the full text editor that supports
text formatting, including code snippets, image uploads, links, tables, and timestamps.
3. Select **Save** to save your changes.
!!!Note
See the [BAS glossary](/glossary/) for further details and definitions of the terms above.
!!!
### Overview tab
The Overview tab contains educational information on what the attack is, why it's meaningful, how to
execute it manually, and how to develop detections for it.
It includes the name of the Procedure, the Detection Coverage levels and their
statuses, description, business impact, verification instructions, references and tags associated with that Procedure.
The tags information supplied here tells you why you should care about this particular play. Types of tags
that display here are grouped in to categories that are associated with the selected Procedure:
Global, Threat Actor, and Tool and Malware.
### Activity Log tab
When you run a play the Activity Log tracks all your play executions. This tab shows a history of the selected
Procedure. It also allows you to add and view comments.
1. Select the BAS Comment icon to display a Comment field with rich text editing and support
for adding links and uploading images.
2. Once you complete entering your comment, select **Post** to close the field with your comment displayed.
### Files tab
The Files tab is where you upload files related to the procedure.
