/Cyber-Adversary-Heatmaps

Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.

MIT LicenseMIT

Cyber Adversary Heatmaps

Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.

Paste .json file contents into the "Threat Intelligence" dropdown on the Threat Alignment page of the open-source Control Validation Compass project, to instantly surface technical & policy controls and offensive security tests aligned with these techniques.

The following heatmap sets are currently available:

Want to learn more about using ATT&CK Navigator to visualize TTP intelligence? See the MITRE ATT&CK CTI Training here, and ATT&CK Navigator documentation here.

Unless otherwise noted, heatmaps will use the following base ATT&CK Navigator settings:

{
	"name": "base",
	"versions": {
		"attack": "11",
		"navigator": "4.6.1",
		"layer": "4.3"
	},
	"domain": "enterprise-attack",
	"description": "",
	"filters": {
		"platforms": [
			"Linux",
			"macOS",
			"Windows",
			"PRE",
			"Containers",
			"Network",
			"Office 365",
			"SaaS",
			"Google Workspace",
			"IaaS",
			"Azure AD"
		]
	},
	"sorting": 0,
	"layout": {
		"layout": "side",
		"aggregateFunction": "max",
		"showID": false,
		"showName": true,
		"showAggregateScores": true,
		"countUnscored": false
	},
	"hideDisabled": false,
	"techniques": [],
	"gradient": {
		"colors": [
			"#ffffff",
			"#ff6666"
		],
		"minValue": 0,
		"maxValue": 1
	},
	"legendItems": [],
	"metadata": [],
	"links": [],
	"showTacticRowBackground": false,
	"tacticRowBackground": "#dddddd",
	"selectTechniquesAcrossTactics": true,
	"selectSubtechniquesWithParent": false
}

MITRE ATT&CK® is a registered trademark of The MITRE Corporation