A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK - ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
[sudo] docker compose up
sudo for Linux only
It is ready when "Starting uWSGI" appears
Then visit <http://localhost:8001/>
(Port is set by .env WEB_PORT)
Default Login:
And note: Postgres stores its data in a Docker volume to persist the database.
Read the Admin Guide
There are some issues in the instructions… Working on it, simplifying them
Help Tips:
- sudo with python - it won't keep the venv you're in by default
- brew install postgresql
github.com/cisagov/decider
github.com/cisagov/decider/blob/develop/docs/Decider_Admin_Guide_v1.0.0.pdf
github.com/cisagov/decider/blob/develop/docs/Decider_User_Guide_v1.0.0.pdf