Setup And Configuration
Vendors are responsible for setup of their tool. The evaluation is constrained to testing detection capabilities, so all vendors are required to turn off protections, preventions, etc., to the best of their abilities to ensure the evaluation can be executed. Any change to the default tool configuration is noted and reported to MITRE, to include rule configuration, alert sensitivities, and cloud configurations, among other possibilities. The vendor provides version numbers as well as a description of configuration changes for MITRE to include in the final report.
Tool configuration and updates are not allowed after the evaluation phase begins, barring misconfigurations that limit the ability for MITRE to complete the evaluation. If a vendor modifies tool configuration, we note this in the results.
If the range requires additional modifications to enable the vendor to successfully deploy their tool for evaluation, MITRE notes these modifications in the final report.