AdversaryGraph AI

AdversaryGraph Documentation

AI-assisted CTI-to-detection workbench for ATT&CK mapping, group and campaign similarity, detection-gap analysis, and analyst-ready outputs.

AdversaryGraph assists analysts but does not replace analyst validation. TTP overlap is an investigation lead, not attribution proof.

Start Here

  1. Clone the repository and create `.env`
  2. Start the Docker stack
  3. Run selftest and confirm API health
  4. Sync ATT&CK, ATLAS, actor metadata, IOC feeds, YARA/Sigma, and sandbox behavior sources
  5. Analyze a report or IOC
  6. Review mappings, enrich context, compare actors, and export outputs

Self-Hosted Platform

AdversaryGraph Docker is the supported full platform: private AI-assisted extraction, stored analyses, APIs, PDF reports, IOC enrichment, STIX/TAXII/MISP workflows, YARA/Sigma sync, sandbox behavior, and scheduled reference synchronization.

Report content is sent only to the LLM provider configured by the operator. For fully private analysis, use a local or private OpenAI-compatible gateway.

Documentation Areas

Full Deployment Flow

Clone the repository, configure secrets, start Docker, verify selftest, sync ATT&CK/ATLAS, and connect IOC/rule/enrichment feeds.

Platform Capabilities

Review the full capability map: AI analysis, actor intelligence, IOC Library, enrichment, feeds, STIX/TAXII/MISP, YARA/Sigma, sandbox behavior, exports, and APIs.

AI-Assisted Mapping

Ingest PDF, DOCX, TXT, or pasted reports through the LLM provider configured by the operator, then review evidence-backed ATT&CK mapping candidates.

ATT&CK And ATLAS Navigator

Explore Enterprise, Mobile, ICS, and ATLAS matrices, build layers, review technique context, and plan coverage.

Group, Campaign, And Report Similarity

Use TTP overlap for hypothesis generation, prioritization, report comparison, and gap analysis. Similarity is not attribution.

Operations, Security, And Validation

Operate the self-hosted platform with selftests, troubleshooting, evaluation guidance, API access, and deployment hardening.