Skip to main content

ThreatMapper v2.0 Visual Guide

Screenshots, diagrams, and workflow infographics from the published ThreatMapper v2.0 article. These assets are mirrored locally in the official docs so the guide does not depend on Medium image hosting.

Read the ecosystem article: ThreatMapper v2.0 - Self-Hosted AI CTI Platform.

Overview

ThreatMapper v2.0 article cover

Problem overview: CTI reports to ATT&CK evidence

ThreatMapper page and feature map

Self-hosted Docker architecture

Setup And API

Terminal command output

Docker Compose startup logs

FastAPI Swagger documentation

Discover And AI Analysis

Discover Intelligence dashboard

AI Analysis provider and upload panel

Local LLM provider option

AI Analysis extracted structured output

APT matches tab

Raw AI analysis response

Review status controls

Navigator matrix workspace

Discover matrix view

Navigator selected TTP layer

Navigator overlay and technique detail

Domain and selected TTP controls

ATT&CK Group Library actor profile

Tactic coverage chart

Comparison Workflows

Compare mode landing page

Group comparison graph

Campaign comparison page

Stored report comparison

Group vs Group comparison

DFIR Examples And Reference Sync

DFIR Examples list

DFIR report analysis workflow

Reference Sync page

Exports

PDF export control

STIX/OpenCTI export flow

ATT&CK Navigator export controls

Previous report PDF actions

End-to-End Workflow

Practical attribution workflow infographic