The Cybersecurity and Infrastructure Security Agency (CISA) has released a free tool called Decider to help cybersecurity professionals map threat actor behavior to the MITRE ATT&CK framework. The tool is designed to be easy to use, and anyone with basic knowledge of cybersecurity can use it.
Decider asks users a series of questions about the observed adversary activity and generates the corresponding MITRE ATT&CK report. The tool can be used to map any type of adversary behavior, including attacks, reconnaissance, and exploitation. Results can be quickly exported in a variety of formats.
The MITRE ATT&CK framework is a knowledge base and model of adversary activity used by cybersecurity professionals to understand and mitigate threats. The framework is based on real-world observations of adversary behavior and is used by organizations of all sizes to improve their cybersecurity posture.
Decider is a valuable tool for anyone working in cybersecurity. It can help cybersecurity professionals better understand adversary behavior, identify and mitigate threats, and improve their overall cybersecurity posture.
According to a Decider fact sheet released by CISA, users of the tool can take the findings and pivot to other ATT&CK activities, including:
- Visualizing the findings in ATT&CK Navigator
- Sharing the findings with others by publishing threat intelligence reports
- Finding sensors and analytics to detect those techniques
- Discovering mitigations that help prevent techniques from working in the first place
- Compiling threat emulation plans to validate defenses
How to download the Decider tool for MITRE ATT&CK mapping
CISA is encouraging cybersecurity professionals to try Decider and submit feedback through a survey. Decider can be downloaded through GitHub, where users can file bug reports, feature requests, or other feedback. A best practices guide for Decider is also available on CISA’s website.