The Cybersecurity and Infrastructure Security Agency (CISA) recently launched a free tool called Decider to help the cybersecurity community map threat actor behaviour to the MITRE ATT&CK Framework.

Decider uses a combination of guided questions, efficient search and filtering, and a shopping cart feature that allows users to export results in common formats. These features allow for quick and accurate mapping:

This tool walks users through a mapping process, asking them a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or sub-technique. Along with the tool, users are also provided with a fact sheet and brief video that will familiarize them with key features and capabilities of Decider.

The tool was developed through a joint effort between MITRE and the Homeland Security Systems Engineering and Development Institute (HSSEDI).