Decider is a Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework.
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK – ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
git clone https://github.com/cisagov/decider.git cd decider cp .env.docker .env # if you want HTTPS instead of HTTP # - edit .env # + WEB_HTTPS_ON='yes' # - populate cert / key files # + /app/utils/certs/decider.key # + /app/utils/certs/decider.crt [sudo] docker compose up # sudo for Linux only
It is ready when Starting uWSGI appears
Default Endpoint: http://localhost:8001/
Default Login:
Endpoint Determination (.env vars):
WEB_HTTPS_ON=''
-> http://WEB_IP
:WEB_PORT
/WEB_HTTPS_ON='anything'
-> https://WEB_IP
:WEB_PORT
/HTTPS Cert Location:
docker compose up
to set your SSL cert up DB Persistence Note: Postgres stores its data in a Docker volume to persist the database.
Read the Ubuntu & CentOS guides and recreate actions according to your platform.
open()
in Python uses the system’s default text encoding
utf-8
on macOS and Linuxwindows-1252
on Windows encoding='utf-8'
as an arg in each open()
may allow Windows deployment(M1 users at least) Make sure to (1) install Postgres before (2) installing the pip requirements
brew install postgresql
pip install -r requirements.txt
Please consider following and supporting us to stay updated with the latest information.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…