Map A Report To ATT&CK
Draft
Level: Intermediate
Goal: Turn one report into reviewed ATT&CK techniques.
Real-Life Scenario
A vendor publishes a report about a new intrusion chain, and the CTI team needs reviewed ATT&CK mappings before creating detections or briefing the SOC.
When To Use This
Use this workflow when you need a structured analyst process whose output stays traceable to the evidence in the source report.
Steps
- Load PDF/DOCX/TXT or paste text into AI Analysis.
- Choose provider/domain and run extraction.
- Review evidence for every TTP and set review status.
- Inject accepted TTPs into Navigator.
- Export JSON, layer, or PDF.
Expected Result
Reviewed TTP set with evidence and exportable layer/report.
Review Notes
- Keep source labels and evidence attached to every accepted result.
- Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
- Export only reviewed findings for customer, SOC, detection engineering, or executive use.
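As an added example covering the "Inject accepted TTPs into Navigator" and "Export" steps together with the review notes above (this is illustrative code, not the tool's own), the function below turns a reviewed extraction result set into an ATT&CK Navigator layer. It assumes each result is a dict with technique_id, review_status, source and evidence keys; the sample results are constructed.

```python
"""Build an ATT&CK Navigator layer from reviewed TTP extraction results.
Added example, not the tool's own code. Each extraction result is assumed to
be a dict with technique_id, review_status, source and evidence keys.
"""
import re
from collections import defaultdict

TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")   # format check only, not a catalogue lookup
EXPORTABLE = {"accepted"}                           # pending/rejected never leave review

# Constructed sample of what one extraction run over a vendor report might return.
EXTRACTED = [
    {"technique_id": "T1566.001", "review_status": "accepted",
     "source": "vendor report p.3",
     "evidence": "Initial access via a malicious ISO attached to an invoice email."},
    {"technique_id": "T1059.001", "review_status": "accepted",
     "source": "vendor report p.5",
     "evidence": "Loader runs an encoded PowerShell command to fetch stage two."},
    {"technique_id": "T1059.001", "review_status": "accepted",
     "source": "sandbox enrichment",
     "evidence": "Sandbox trace shows powershell.exe -enc spawned by the loader."},
    {"technique_id": "T1071.001", "review_status": "pending",
     "source": "actor match",
     "evidence": "Inferred from actor profile only; not yet corroborated."},
    {"technique_id": "T1059.1", "review_status": "accepted",
     "source": "model output", "evidence": ""},
]


def reviewed_layer(results, name, domain="enterprise-attack"):
    """Return (layer, skipped): only accepted, well-formed, evidenced TTPs are exported."""
    notes, skipped = defaultdict(list), []
    for r in results:
        tid = r["technique_id"]
        if r["review_status"] not in EXPORTABLE:
            skipped.append((tid, "review status is " + r["review_status"]))
        elif not TECHNIQUE_ID.match(tid) or not r["evidence"].strip():
            skipped.append((tid, "malformed technique id or missing evidence"))
        else:  # keep the source label attached to each piece of evidence
            notes[tid].append(f"[{r['source']}] {r['evidence']}")
    # Navigator layer: score counts corroborating evidence items, comment carries them.
    techniques = [{"techniqueID": tid, "score": len(ev), "comment": "\n".join(ev)}
                  for tid, ev in sorted(notes.items())]
    layer = {"name": name, "domain": domain, "versions": {"layer": "4.5"},
             "techniques": techniques}
    return layer, skipped
```

Serialising the returned layer with json.dumps gives a file that Navigator can open; the skipped list is the audit trail of what was held back and why.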