The US Cybersecurity and Infrastructure Security Agency (CISA) has released “Decider”, an open-source tool that helps defenders and security analysts quickly generate MITER ATT&CK mapping reports.

The MITER ATT&CK framework is a standard for identifying and tracking adversary tactics and techniques based on observations of cyberattacks, allowing defenders to adjust their security posture accordingly.

By having a common standard, organizations can quickly share complete and accurate information about newly discovered or emerging threats and help hinder their effectiveness.

CISA recently published a guide to “good practices” on MITER ATT&CK mapping, emphasizing the importance of using the standard.

Decide was developed in partnership with the Homeland Security Systems Engineering and Development Institute and MITER and has been made available free of charge via CISA GitHub repository.

“Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior within the MITER ATT&CK framework,” reads a statement. CISA Announcement.

“Created in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE, Decider helps make mapping fast and accurate with guided questions, a powerful search and filter function, and a shopping cart feature that allows users to export results to commonly used formats.

The tool asks user-guided questions about observed adverse activity and generates the corresponding MITER ATT&CK report.

For example, a question might be “What is the opponent trying to do?” to which a possible answer is “Gaining a first foothold in the environment”, which corresponds to the initial access tactic.

Questions will continue until a sub-technique is reached for all tactics, or at least one technique, in case no sub-technique matches the particular activity.

The defender can use the generated MITER ATT&CK report to develop targeted defense tactics or export it in common formats and share it with others in the industry to prevent the proliferation of the identified threat.

As CISA explains in a fact sheet Released alongside the release of Decider, MITER ATT&CK mapping reports can help guide next steps in threat response, including:

• Visualization of results in ATT&CK Navigator
• Share findings with others by publishing threat intelligence reports
• Finding sensors and analytics to detect these techniques
• Discover mitigations that help prevent techniques from working in the first place
• Compilation of threat emulation plans to validate defenses

CISA urges the cybersecurity community to download and use Decider and submit their commentsbug reports or even feature suggestions.