Decider is a Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework.
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK – ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
git clone https://github.com/cisagov/decider.git cd decider cp .env.docker .env # if you want HTTPS instead of HTTP # - edit .env # + WEB_HTTPS_ON='yes' # - populate cert / key files # + /app/utils/certs/decider.key # + /app/utils/certs/decider.crt [sudo] docker compose up # sudo for Linux only
It is ready when Starting uWSGI appears
Default Endpoint: http://localhost:8001/
Default Login:
Endpoint Determination (.env vars):
WEB_HTTPS_ON=''
-> http://WEB_IP
:WEB_PORT
/WEB_HTTPS_ON='anything'
-> https://WEB_IP
:WEB_PORT
/HTTPS Cert Location:
docker compose up
to set your SSL cert up DB Persistence Note: Postgres stores its data in a Docker volume to persist the database.
Read the Ubuntu & CentOS guides and recreate actions according to your platform.
open()
in Python uses the system’s default text encoding
utf-8
on macOS and Linuxwindows-1252
on Windows encoding='utf-8'
as an arg in each open()
may allow Windows deployment(M1 users at least) Make sure to (1) install Postgres before (2) installing the pip requirements
brew install postgresql
pip install -r requirements.txt
Please consider following and supporting us to stay updated with the latest information.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…