The US CISA has released a tool designed to help researchers, analysts and network defenders map threat actors’ tactics, techniques, and procedures to the MITRE ATT&CK framework.
The Homeland Security Systems Engineering and Development Institute (HSSEDI) developed the Decider tool with MITRE’s ATT&CK team.
Decider is a web application that serves as a companion to the document Best Practices for MITRE ATT&CK Mapping. It helps cyber defenders map to the framework by walking them through guided questions about adversary activity.
Since the CISA announced its initial edition of Best Practices for MITRE ATT&CK Mapping nearly two years ago, the ATT&CK framework has evolved, expanded, and improved its ability to support more than just optimized cyber threat intelligence for the cybersecurity community.
To match these advances, the security agency recently published a second edition of its mapping guide and debuted the Decider tool as a new accompaniment to the guide.
The tool makes ATT&CK mappings easier for network defenders, analysts, and researchers to get right by walking users through the mapping process.
With an eye on these factors, the CISA partnered with the HSSEDI, which worked with the MITRE ATT&CK team, to develop a tool that was easy to understand with minimal technical language and could help users go through the framework steps.
The MITRE ATT&CK Framework is used by CISA and other organizations in the cybersecurity community to identify and analyze threat actor behavior. It also enables them to produce a set of mappings to develop adversary profiles; conduct activity trend analyses; and detect, respond to, and mitigate threats.