Decider is a Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework.
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK – ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
git clone https://github.com/cisagov/decider.git cd decider cp .env.docker .env # if you want HTTPS instead of HTTP # - edit .env # + WEB_HTTPS_ON='yes' # - populate cert / key files # + /app/utils/certs/decider.key # + /app/utils/certs/decider.crt [sudo] docker compose up # sudo for Linux only
It is ready when Starting uWSGI appears
Default Endpoint: http://localhost:8001/
Default Login:
Endpoint Determination (.env vars):
WEB_HTTPS_ON=''
-> http://WEB_IP
:WEB_PORT
/WEB_HTTPS_ON='anything'
-> https://WEB_IP
:WEB_PORT
/HTTPS Cert Location:
docker compose up
to set your SSL cert up DB Persistence Note: Postgres stores its data in a Docker volume to persist the database.
Read the Ubuntu & CentOS guides and recreate actions according to your platform.
open()
in Python uses the system’s default text encoding
utf-8
on macOS and Linuxwindows-1252
on Windows encoding='utf-8'
as an arg in each open()
may allow Windows deployment(M1 users at least) Make sure to (1) install Postgres before (2) installing the pip requirements
brew install postgresql
pip install -r requirements.txt
Please consider following and supporting us to stay updated with the latest information.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…