Import detected. Techniques ready to load. Select your entry point below to continue.
New to detection engineering? Start here.
Load the Foundation Tier — 12 techniques that every organization should detect first, ranked by universal threat frequency and early kill chain position.
Entry Point
Manual
Start blank — build your technique scope from the ATT&CK browser.
From Profile
Load prioritized techniques from a Threat Profiler export.
From Threat Actor
Select one or more threat actors — techniques are pre-loaded.
From Threat Intelligence
Upload a DIP session JSON or Navigator layer to restore or import.
From Whiteboard
Pull session identity and platform context from a Whiteboard session.
Coming Soon
Session Identity
Declared Platforms (at least one required)
Techniques irrelevant to declared platforms will be grayed in the technique browser and excluded from coverage scoring.
Windows, Linux, macOS, Cloud / IaaS, Containers, Network, SaaS, OT / ICS
Industry Vertical
Used for Detection Priority Baseline weighting and vertical-adjusted tuning defaults.
Financial Services, Healthcare, Energy / Utilities, Government, Technology, Retail, Manufacturing, Education, Legal / Professional, Critical Infrastructure, Telecommunications, Transportation, Media / Entertainment, Defense / Aerospace, Pharmaceuticals, Insurance, Non-profit / NGO, Supply Chain
Kill Chain Scope
Select which stages are in scope for this session. Out-of-scope stages are tracked but excluded from coverage scoring. Partial chains are fully supported.
0 techniques
No techniques added yet
Search above by T-code or technique name, or techniques were pre-loaded from your entry point.
Confirmed
Established
Developing
Initial
No Coverage
Not in scope
Source Name Category Status Assets / Collector Fidelity Baseline Validated Dep.
No log sources yet — click "Sync from Workbench" to auto-populate from your technique records, or add manually.
Record planned changes that affect your detection infrastructure.
No change control entries yet.
Session JSON
Full session state — re-importable. Includes all 6-block methodology records, log source registry, change control register, and confidence scores. Use to resume work across sessions.
ATT&CK Navigator Layer
Confidence scores mapped to DIP color bands. Import directly into the Heatmap Builder to overlay detection maturity on the ATT&CK matrix.
Markdown Report
Human-readable detection methodology summary. Session identity, per-technique block summaries, confidence scores, and gap analysis. For analyst review and team documentation.
Structured Ruleset (JSON)
Machine-readable rule records for agentic AI and automation pipelines. T-code, SIEM platform, rule query, block state summary, and confidence score per technique.