Decider – A Web Application That Assists Network Defenders, Analysts, And Researchers In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework
What is it?
The Short
A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
The Long
Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT&CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and ATT&CK Navigator™ heatmaps.
The Screenshots
Decider’s Question Tree
(you are here)[Matrix > Tactic] > Technique > SubTechnique
Decider’s Full Technique Search
Boolean expressions, prefix-matching, and stemming included.
The Notice
This project makes use of MITRE ATT&CK – ATT&CK Terms of Use
Usage
Read the User Guide
Installation
Docker
Best option for 99% of people
git clone https://github.com/cisagov/decider.git
cd decider
cp .env.example .env
[sudo] docker compose up
sudo for Linux only
Linux tested on:
- Ubuntu Jammy 22.04.2 LTS
- Docker Engine
- Not Docker Desktop (couldn’t get nested-virt in my VM)
Windows tested on:
- Windows 11 Home, version 22H2, build 22621.1344
- Home doesn’t support HyperV
- Thus tested on Docker Desktop via WSL backend
macOS (M1) tested on:
- macOS Ventura 13.2.1 (22D68)
- Mac M1 Processor
- On Docker Desktop installed via .dmg
It is ready when Starting uWSGI appears
Then visit http://localhost:8001/
(Port is set by .env WEB_PORT)
Default Login:
- Email: [email protected]
- Password: admin
And note: Postgres stores its data in a Docker volume to persist the database.
Manual Install
Read the Admin Guide
There are some issues in the instructions… Working on it, simplifying them
Help Tips:
- Use Python 3.8.10 / 3.8.x on Linux / mac
- Follow the order of instructions
- Watch out using sudo with python: it won’t keep the venv you’re in by default
- If just running for yourself locally:
  - Don’t create a system account for decider
  - Don’t use uWSGI
  - Use the built-in debug Flask server
- Mac M1 users should install Postgres before installing the pip requirements
  brew install postgresql
  - Explained: psycopg2-binary isn’t using a pre-built binary and tries to compile from scratch, and it can’t find pg_config.