Threat-Informed Defence

Know your adversaries.
Before they act.

A suite of interconnected tools for building ATT&CK-based threat profiles, synthesising real-world intelligence, and visualising coverage gaps — grounded in MITRE ATT&CK v18.1.

ATT&CK version: v18.1
Integrated tools: 3
Threat actors: 38
Data sources: 3

Three tools. One workflow.

Each tool works on its own or alongside the others: pass data between them to build a complete threat picture.

Tool 01: ATT&CK Threat Profiler
Input your organisation's environment, security posture, compliance obligations, and threat history. Receive a prioritised ATT&CK technique profile with scored tactic weights, control gap analysis, and exportable Navigator layers.
Tags: Profiling, Scoring, Navigator, Excel, OT/ICS
Tool 02: Threat Intel Explorer
Query real-world ATT&CK technique prevalence by industry vertical and threat actor. Results are AI-synthesised from CTID Sightings, CISA Advisories, and ATT&CK STIX v18.1. Export results directly to the Heatmap Builder.
Tags: CTID, CISA, STIX v18.1, AI Synthesis
Tool 03: Heatmap Builder
Build custom ATT&CK heatmaps by technique ID, tactic, threat actor, or Navigator import. Assign free-form colours per cell, add notes, load live mitigations and detections from MITRE CTI, and export PNG or Navigator JSON.
Tags: Heatmap, Mitigations, PNG Export, Navigator

From inputs to intelligence.

Follow these steps to build a complete, defensible threat profile for any organisation.

End-to-end assessment workflow
Estimated time: 30–60 minutes per organisation
1. Run the Threat Profiler
Enter your organisation's industry vertical, size, technology environment, security posture, compliance obligations, and known threat history. The profiler scores tactic weights and surfaces the most relevant ATT&CK techniques based on your specific profile.
2. Export Navigator & Review Gaps
Export the ATT&CK Navigator JSON layer and the Excel workbook. Review the control gap analysis to identify where your security posture is weakest relative to your top techniques. Use the Markdown export to brief stakeholders.
3. Validate with Threat Intelligence
Cross-reference your profiler output against live intelligence. Select your industry vertical and the threat actors most relevant to you. The Threat Intel Explorer synthesises CTID sighting frequencies, CISA advisory counts, and STIX group mappings to validate or surface additional technique priorities.
4. Build a Coverage Heatmap
Send your Threat Intel Explorer results directly to the Heatmap Builder, or import your Navigator layer from the Threat Profiler. Colour-code techniques by severity, coverage status, or any custom meaning. Add notes and load live mitigations and detection guidance per technique from the MITRE CTI STIX bundle.
5. Export & Present
Export a labelled PNG heatmap for presentations, a Navigator JSON for further analysis in ATT&CK Navigator, or CSV/Markdown for reporting. Use the full Excel workbook to present a complete, scored ATT&CK assessment with OT/ICS and ATLAS AI sections if applicable.

Built for practitioners.

Designed to support the real workflows of security teams and consultants.

Security Assessment
Build a scored ATT&CK profile for a client engagement. Export a Navigator layer and Excel workbook as deliverables.
Red Team Planning
Identify the highest-priority techniques for adversary emulation based on sector, actor group, and real-world sighting data.
Detection Engineering
Surface detection gaps per technique using live MITRE mitigation and detection guidance from the STIX bundle.
Board Reporting
Generate readable Markdown and Excel exports to communicate threat exposure and control gaps to non-technical stakeholders.
OT / ICS Environments
Activate the OT section to generate an ICS ATT&CK Navigator layer alongside the Enterprise layer for converged IT/OT environments.
Threat Intelligence
Validate internal threat intel against CTID sighting frequencies, CISA advisories, and 38 mapped threat actor groups.