A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

What is it?

The Short

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

(you are here)[Matrix > Tactic] > Technique > SubTechnique

Decider’s Full Technique Search

Boolean expressions, prefix-matching, and stemming included.

The Notice

This project makes use of MITRE ATT&CK – ATT&CK Terms of Use

Usage

Read the User Guide

Installation

Docker

Best option for 99% of people

git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
[sudo] docker compose up

sudo for Linux only

Linux tested on:

• Ubuntu Jammy 22.04.2 LTS
• Docker Engine
  • Not Docker Desktop (couldn’t get nested-virt in my VM)

Windows tested on:

• Windows 11 Home, version 22H2, build 22621.1344
• Home doesn’t support HyperV

macOS (M1) tested on:

• macOS Ventura 13.2.1 (22D68)
• Mac M1 Processor
• On Docker Desktop installed via .dmg

It is ready when Starting uWSGI appears

Then visit http://localhost:8001/

(Port is set by .env WEB_PORT)

Default Login:

And note: Postgres stores its data in a Docker volume to persist the database.

Manual Install

Read the Admin Guide

There are some issues in the instructions… Working on it, simplifying them

Help Tips:

• Use Python 3.8.10 / 3.8.x on Linux / mac
• Follow the order of instructions
• Watch out using sudo with python – it won’t keep the venv you’re in by default
• If just running for yourself locally:
  • Don’t create a system account for decider
  • Don’t use uWSGI
  • Use the built-in debug Flask server
• Mac M1 users should install Postgres before installing the pip requirements
  • brew install postgresql
  • Explained: psycopg2-binary isn’t using a pre-built binary and tries to compile from scratch, and it can’t find pg_config.