A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK - ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
```shell
git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
[sudo] docker compose up
```
(`sudo` for Linux only)
- Ubuntu Jammy 22.04.2 LTS
  - Docker Engine
  - Not Docker Desktop (couldn't get nested-virt in my VM)
- Windows 11 Home, version 22H2, build 22621.1344
  - Home doesn't support HyperV
  - Thus tested on Docker Desktop via WSL backend
- macOS: In-Progress
  - mac's ControlCenter binds to 5000 and 7000... thus preventing the app from binding
    - Should make that a .env var - so an alternative is easier
  - You may need to chown some Docker directories to your name
    - sudo is not the way and won't work
  - Need to mess with Postgres connection auth preferences
    - M1 build tries using SCRAM authentication, which needs libpg >= 10
      - But not present, thus breaking build
    - May just use md5
It is ready when `Starting uWSGI` appears in the log output.
Then visit http://localhost:5000/
Default Login:
- Email: admin@admin.com
- Password: admin
And note: Postgres stores its data in `./docker/db/data`. That's why you'll need `sudo` to enter/remove that folder.
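The Docker quick-start above as a single script, with the pre-flight checks a first run tends to need. This is an added example and not part of the Decider project: it assumes a checkout of https://github.com/cisagov/decider.git in `$DECIDER_DIR` (default `./decider`), `curl` on PATH for the HTTP probe, and `lsof` or `nc` for the port check. It verifies `.env` exists (copying `.env.example` if not), refuses to start when something already listens on 5000 or 7000 (the macOS Control Center conflict noted below), waits for the `Starting uWSGI` line the README names as the ready signal, and then probes http://localhost:5000/.

```shell
#!/bin/sh
# Added example, not part of the Decider project: wraps the README's Docker
# quick-start (.env, docker compose up, wait for "Starting uWSGI", open
# http://localhost:5000/) with the pre-flight checks a first run needs.
# Assumptions: a checkout of https://github.com/cisagov/decider.git in
# $DECIDER_DIR, curl on PATH, and lsof or nc available for the port check.

DECIDER_DIR="${DECIDER_DIR:-./decider}"
READY_MARKER="Starting uWSGI"        # log line the README names as "ready"
APP_URL="http://localhost:5000/"
APP_PORTS="5000 7000"                # ports the macOS note says Control Center grabs

# 0 if <dir>/.env already exists, 1 if it still has to be copied from .env.example.
env_file_present() {
  [ -f "$1/.env" ]
}

# 0 if something already listens on TCP port $1 (so the app could not bind it),
# 1 if the port looks free. Uses lsof where available, otherwise nc.
port_in_use() {
  if command -v lsof >/dev/null 2>&1; then
    lsof -nP -iTCP:"$1" -sTCP:LISTEN >/dev/null 2>&1
  else
    nc -z 127.0.0.1 "$1" >/dev/null 2>&1
  fi
}

# 0 if the log text on stdin contains the readiness marker, 1 otherwise.
ready_marker_seen() {
  grep -q "$READY_MARKER"
}

# Poll $1 with curl until it answers with any HTTP response, up to $2 seconds.
wait_for_http() {
  url="$1"; limit="$2"; waited=0
  while [ "$waited" -lt "$limit" ]; do
    if curl -sS -o /dev/null "$url" 2>/dev/null; then
      return 0
    fi
    sleep 2; waited=$((waited + 2))
  done
  return 1
}

main() {
  cd "$DECIDER_DIR" || exit 1
  if ! env_file_present .; then
    cp .env.example .env
    echo "created .env from .env.example; review it before starting"
  fi
  for p in $APP_PORTS; do
    if port_in_use "$p"; then
      echo "port $p is already bound (macOS Control Center?); the app cannot start" >&2
      exit 1
    fi
  done
  # On Linux with Docker Engine run this script under sudo (README note).
  # Compose runs detached; we follow its logs until the ready marker shows,
  # then confirm the web app actually answers on its port.
  docker compose up -d
  docker compose logs -f 2>&1 | ready_marker_seen
  wait_for_http "$APP_URL" 120 && echo "Decider is up at $APP_URL"
}

# Only launch containers when explicitly asked, so the helpers can be sourced.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Run it as `sh decider-up.sh --run` (or under `sudo` on Linux Docker Engine). The script does not touch the default login listed above (admin@admin.com / admin); treat that account as stock credentials to change after the first sign-in, before the instance is reachable by anyone else.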
Read the Admin Guide
There are some issues in the instructions... Working on it, simplifying them
Help Tips:
- Use Python 3.8.10 / 3.8.x on Linux / mac
- Follow the order of instructions
- Watch out when using `sudo` with `python` - it won't keep the venv you're in by default
- If just running for yourself locally:
  - Don't create a system account for decider
  - Don't use uWSGI
  - Use the built-in debug Flask server
- Mac M1 users should install Postgres before installing the pip requirements
  ```shell
  brew install postgresql
  ```
  - Explained: psycopg2-binary isn't using a pre-built binary and tries to compile from scratch, and it can't find pg_config.