Decider is a web application that guides analysts in mapping adversary behaviors to the MITRE ATT&CK® framework through a structured, question-driven process.
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
Decider is designed for network defenders, analysts, and researchers who need to accurately map observed adversary activities to the MITRE ATT&CK framework. It simplifies the mapping process by providing guided questions, search, and filtering capabilities, enabling users to focus on relevant tactics and techniques and export their findings for reporting or further analysis.
Decider requires users to set their own secure passwords in the .env file as no defaults are provided. It is recommended to use Docker for deployment to simplify setup and updates. The tool is complementary to the official MITRE ATT&CK site and focuses solely on assisting with the mapping process, not replacing the ATT&CK framework itself.
git clone https://github.com/cisagov/decider.git
cd decider
cp .env.docker .env
Edit .env to define DB_ADMIN_PASS, DB_KIOSK_PASS, CART_ENC_KEY, APP_ADMIN_PASS (no default passwords provided)
cp -r default_config/. config/
sudo docker compose up
Visit http://localhost:8001/ once the application starts
To apply config changes in config/, run: sudo docker compose stop && sudo docker compose start
To apply changes in .env, run: sudo docker compose up (recreates containers)
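An added example (not part of the Decider project or of the original page): a pre-flight check to run after editing .env and before sudo docker compose up, confirming that the four settings named above are present and non-empty. The function names, the KEY=VALUE layout assumed for .env, and the distinct-value and file-permission checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Decider's own code. Assumes .env holds KEY=VALUE lines
# (optionally quoted); env_value and check_decider_env are hypothetical names.
REQUIRED_VARS="DB_ADMIN_PASS DB_KIOSK_PASS CART_ENC_KEY APP_ADMIN_PASS"

# Print the value assigned to variable $2 in file $1 (last assignment wins),
# with surrounding whitespace and one layer of quotes removed.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 only if every required setting is non-empty and no two settings
# share a value; problems are listed on stderr.
check_decider_env() {
    file=${1:-.env}
    problems=0
    seen=""
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 1
    fi
    for var in $REQUIRED_VARS; do
        value=$(env_value "$file" "$var")
        if [ -z "$value" ]; then
            echo "$var is unset or empty in $file" >&2
            problems=$((problems + 1))
        else
            seen="$seen$value
"
        fi
    done
    # Reusing one secret for several settings is treated as a failure here
    # (a policy choice of this example, not a Decider requirement).
    if [ -n "$(printf '%s' "$seen" | sort | uniq -d)" ]; then
        echo "two or more settings in $file share the same value" >&2
        problems=$((problems + 1))
    fi
    # Warn (without failing) when group or other have any access to the file.
    case $(ls -ld "$file" | cut -c5-10) in
        ------) ;;
        *) echo "warning: $file is accessible beyond its owner; chmod 600" >&2 ;;
    esac
    [ "$problems" -eq 0 ]
}
```

Source the file and run check_decider_env .env from the decider directory; a non-zero exit status means at least one setting still needs a value.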
git clone https://github.com/cisagov/decider.git  # Clone the Decider repository locally
cp .env.docker .env  # Copy the Docker environment template to .env for configuration
sudo docker compose up  # Start the Decider application using Docker Compose
sudo docker compose stop && sudo docker compose start  # Restart Docker containers to apply changes in the config directory