A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Boolean expressions, prefix-matching, and stemming included.
This project makes use of MITRE ATT&CK - ATT&CK Terms of Use
Read the User Guide
Best option for 99% of people
git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
# if you want HTTPS instead of HTTP
# - edit .env
# + WEB_HTTPS_ON='yes'
# - populate cert / key files
# + /app/utils/certs/decider.key
# + /app/utils/certs/decider.crt
[sudo] docker compose up
# sudo for Linux onlyIt is ready when Starting uWSGI appears
Default Endpoint: http://localhost:8001/
Default Login:
- Email: admin@admin.com
- Password: admin
Endpoint Determination (.env vars):
WEB_HTTPS_ON=''-> http://WEB_IP:WEB_PORT/WEB_HTTPS_ON='anything'-> https://WEB_IP:WEB_PORT/
HTTPS Cert Location:
- Write these 2 files before
docker compose upto set your SSL cert up- /app/utils/certs/decider.key
- /app/utils/certs/decider.crt
- If either file is missing, a self-signed cert is generated and used instead
DB Persistence Note: Postgres stores its data in a Docker volume to persist the database.
- Ubuntu Jammy 22.04.2 LTS
- Docker Engine
- Not Docker Desktop (couldn't get nested-virt in my VM)
- Windows 11 Home, version 22H2, build 22621.1344
- Home doesn't support HyperV
- Thus tested on Docker Desktop via WSL backend
- macOS Ventura 13.2.1 (22D68)
- Mac M1 Processor
- On Docker Desktop installed via .dmg
Read the Admin Guide
There are some issues in the instructions... Working on it, simplifying them
Help Tips:
- Use Python 3.8.10 / 3.8.x on Linux / mac
- Follow the order of instructions
- Watch out using
sudowithpython- it won't keep the venv you're in by default - If just running for yourself locally:
- Don't create a system account for decider
- Don't use uWSGI
- Use the built-in debug Flask server
- Mac M1 users should install Postgres before installing the pip requirements
brew install postgresql- Explained: psycopg2-binary isn't using a pre-built binary and tries to compile from scratch, and it can't find pg_config.