Threat-Informed Defense

Know your adversaries.
Before they act.

A suite of interconnected tools for building ATT&CK-based threat profiles, synthesizing real-world intelligence, and visualizing coverage gaps — grounded in MITRE ATT&CK v19.

Start a threat profile → View recommended workflow
v19 ATT&CK Version
7 Integrated Tools
38 Threat Actors
3 Data Sources
ATT&CK v19 · April 2026

What's new in v19

v19 sharpens the evasion taxonomy. TA0005 Defense Evasion is renamed Stealth — focused on behaviors that hide attacker activity (obfuscation, indicator removal, process injection). A new tactic, Defense Impairment (TA0112), captures techniques that disable, degrade, or interfere with defensive tools and logging. Enterprise tactics now total 15 (up from 14). Technique IDs (T-codes) are stable across versions — your saved sessions, exports, and Navigator layers continue to work without modification.

The Suite

Seven tools. One workflow.

Each tool is standalone or interconnected — pass data between them to build a complete threat picture.

🎯
Tool 01
ATT&CK Threat Profiler
Input your organization's environment, security posture, compliance obligations, and threat history. Receive a prioritized ATT&CK technique profile with scored tactic weights, control gap analysis, and exportable Navigator layers.
Profiling Scoring Navigator Excel OT/ICS
Launch tool → Live
🔍
Tool 02
Threat Intel Explorer
Query real-world ATT&CK technique prevalence by industry vertical and threat actor. AI-synthesized from CTID Sightings, CISA Advisories, and ATT&CK STIX v19. Export results directly to the Heatmap Builder.
CTID CISA STIX v19 AI Synthesis
Launch tool → Live
🗺️
Tool 03
Heatmap Builder
Build custom ATT&CK heatmaps by technique ID, tactic, threat actor, or Navigator import. Assign free-form colors per cell, add notes, load live mitigations and detections from MITRE CTI, and export PNG or Navigator JSON.
Heatmap Mitigations PNG Export Navigator
Launch tool → Live
⛓️
Tool 04
Attack Chain Visualiser
Map how attacks chain across ATT&CK tactic stages. Load from a scored profile or build manually. Connect technique nodes to visualise attack progression, then export detection playbooks and Sigma rules.
Attack Chains Detections Sigma Playbook
Launch tool → Live
📋
Tool 05
Security Stack Whiteboard
Run a structured security stack discovery session. Capture technology inventory across 13 security domains, auto-generate a coverage heatmap, identify gaps, and export a Security Stack Report with service recommendations.
Stack Discovery Gap Analysis CIS v8.1 Heatmap
Launch tool → Live
🔬
Tool 06
Detection Intelligence Platform
Evidence-backed detection engineering lifecycle management. Build 6-block methodology records per technique, score detection confidence from log source through validation, and track program maturity over time.
6-Block Methodology Confidence Scoring STIX Log Sources Session JSON
Open tool → Beta
🎭
Tool 07
Attack Detection Scenario Generator
Build synthetic, vendor-accurate attack scenarios without a live environment. Declare your stack, select an ATT&CK technique, generate a realistic event sequence in your exact vendor field schema, curate it, and deliver it to the DCVE for detection rule validation.
Scenario Builder pySigma Schemas AI Generation DCVE
Open tool → Beta
Recommended Workflow

From inputs to intelligence.

Follow these steps to build a complete, defensible threat profile for any organization.

End-to-end assessment workflow
Estimated time: 30–60 minutes per organization
ATT&CK v19
1
Run the Threat Profiler
Enter your organization's industry vertical, size, technology environment, security posture, compliance obligations, and known threat history. The profiler scores tactic weights and surfaces the most relevant ATT&CK techniques based on your specific profile.
🎯 ATT&CK Threat Profiler →
2
Export Navigator & Review Gaps
Export the ATT&CK Navigator JSON layer and the Excel workbook. Review the control gap analysis to identify where your security posture is weakest relative to your top techniques. Use the Markdown export to brief stakeholders.
📊 Export from Threat Profiler →
3
Validate with Threat Intelligence
Cross-reference your profiler output against live intelligence. Select your industry vertical and the threat actors most relevant to you. The Threat Intel Explorer synthesizes CTID sighting frequencies, CISA advisory counts, and STIX group mappings to validate or surface additional technique priorities.
🔍 Threat Intel Explorer →
4
Build a Coverage Heatmap
Send your Threat Intel Explorer results directly to the Heatmap Builder, or import your Navigator layer from the Threat Profiler. Color-code techniques by severity, coverage status, or any custom meaning. Add notes and load live mitigations and detection guidance per technique from the MITRE CTI STIX bundle.
🗺️ Heatmap Builder →
5
Export & Present
Export a labelled PNG heatmap for presentations, a Navigator JSON for further analysis in ATT&CK Navigator, or CSV/Markdown for reporting. Use the full Excel workbook to present a complete, scored ATT&CK assessment with OT/ICS and ATLAS AI sections if applicable.
Use Cases

Built for practitioners.

Designed to support the real workflows of security teams and consultants.

🏢
Security Assessment
Build a scored ATT&CK profile for a client engagement. Export a Navigator layer and Excel workbook as deliverables.
🔴
Red Team Planning
Identify the highest-priority techniques for adversary emulation based on sector, actor group, and real-world sighting data.
🔵
Detection Engineering
Surface detection gaps per technique using live MITRE mitigation and detection guidance from the STIX bundle.
📋
Board Reporting
Generate readable Markdown and Excel exports to communicate threat exposure and control gaps to non-technical stakeholders.
🏭
OT / ICS Environments
Activate the OT section to generate an ICS ATT&CK Navigator layer alongside the Enterprise layer for converged IT/OT environments.
📡
Threat Intelligence
Validate internal threat intel against CTID sightings frequencies, CISA advisories, and 38 mapped threat actor groups.