The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), has launched Decider, a tool designed to map adversary behavior onto the MITRE ATT&CK® framework. HSSEDI, a federally funded research and development center managed and operated by MITRE for the Department of Homeland Security, played a pivotal role alongside MITRE’s ATT&CK team in creating Decider.
Decider complements the Best Practices for MITRE ATT&CK® Mapping Guide and streamlines the process of aligning adversary tactics, techniques, and procedures (TTPs) with the ATT&CK framework. It guides users through a series of targeted questions about adversary activity, helping cybersecurity defenders identify the precise tactics or techniques. This streamlined approach aids in sharing findings, identifying mitigations, and enhancing detection capabilities.
Decider Tool Implementation and Access
Decider is a web application and must be hosted before it can be used. Organizations can host Decider internally, which allows for customization, sharing of mappings, and user-specific data storage. CISA doesn't provide direct access to a running instance of Decider. Presently, Decider is compatible with Enterprise ATT&CK versions 11.0 and 12.0.
Interested users can download Decider from the CISA GitHub site. Further insights and technical details about the tool are available on CISA’s dedicated technical blog, in support of identifying and countering adversary behavior in alignment with Best Practices for MITRE ATT&CK Mapping.