{"id":13575667,"url":"https://github.com/cisagov/decider","last_synced_at":"2025-05-14T19:03:08.557Z","repository":{"id":89767907,"uuid":"602295422","full_name":"cisagov/decider","owner":"cisagov","description":"A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT\u0026CK® framework.","archived":false,"fork":false,"pushed_at":"2025-02-11T19:01:38.000Z","size":29530,"stargazers_count":1171,"open_issues_count":3,"forks_count":128,"subscribers_count":30,"default_branch":"develop","last_synced_at":"2025-04-01T04:51:21.941Z","etag":null,"topics":["cybersecurity","ttp"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cisagov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-15T22:49:21.000Z","updated_at":"2025-03-26T12:25:57.000Z","dependencies_parsed_at":"2023-10-04T05:45:20.892Z","dependency_job_id":"ee02b699-b68c-45ff-8bb9-73a263828019","html_url":"https://github.com/cisagov/decider","commit_stats":{"total_commits":151,"total_committers":10,"mean_commits":15.1,"dds":"0.26490066225165565","last_synced_commit":"17ee51f4816f11b7cd2614646191dd2cb321a6b4"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2Fdecider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2Fdecider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2Fdecider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2Fdecider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cisagov","download_url":"https://codeload.github.com/cisagov/decider/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247790953,"owners_count":20996634,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","ttp"],"created_at":"2024-08-01T15:01:03.153Z","updated_at":"2025-04-08T06:30:18.667Z","avatar_url":"https://github.com/cisagov.png","language":"HTML","funding_links":[],"categories":["HTML"],"sub_categories":[],"readme":"# Decider\n\n\u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by/4.0/\"\u003e\u003cimg alt=\"Creative Commons License\" style=\"border-width:0\" src=\"https://i.creativecommons.org/l/by/4.0/88x31.png\" /\u003e\u003c/a\u003e\u003cbr /\u003eThis work is licensed under a \u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by/4.0/\"\u003eCreative Commons Attribution 4.0 International License\u003c/a\u003e.  \nThis project makes use of MITRE ATT\u0026amp;CK\u0026reg; - [ATT\u0026amp;CK Terms of Use](https://attack.mitre.org/resources/legal-and-branding/terms-of-use/).\n\n## :newspaper: 3.0.0 - Kiosk is Here\n\n- Decider is now login-less and responsive.\n- Content updates have been simplified to copying files and restarting Docker.\n- The Docker setup has changed enough that there isn't exactly a 2 \u0026rarr; 3 update process, just a fresh install of 3.\n- The database structure is the same though - so Decider 2.x.y can be leveraged for editing content.\n\n***This is Firefox - but it works on mobile too!***  \n![Screenshot of Decider on a Tiny Browser Window](./docs/imgs/tiny-screens-welcome-3.0.0.png)\n\n## :thinking: What is it?\n\n### :fast_forward: In-Short\n\nA web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT\u0026CK® Framework.\n\n### :closed_book: In-Depth\n\nDecider is a tool to help analysts map adversary behavior to the MITRE ATT\u0026CK Framework. Decider makes creating ATT\u0026CK mappings easier to get right by walking users through the mapping process. It does so by asking a series of guided questions about adversary activity to help them arrive at the correct tactic, technique, or subtechnique. Decider has a powerful search and filter functionality that enables users to focus on the parts of ATT\u0026CK that are relevant to their analysis. Decider also has a cart functionality that lets users export results to commonly used formats, such as tables and [ATT\u0026amp;CK Navigator](https://mitre-attack.github.io/attack-navigator/) heatmaps.\n\n### :book: User Guide\n\n- [Guide in Markdown](./docs/user_guide_3_0_0/user-guide.md)\n- [Guide in HTML](./app/static/user-guide.html)\n\n**Note:** *The MD can be viewed directly on GitHub, while the HTML must be downloaded for local viewing. The MD will appear slightly weird - as it contains Pandoc directives used in generating the HTML.*\n\n### :triangular_ruler: Intended Purpose\n\nDecider ultimately tries to make mapping to [ATT\u0026amp;CK](https://attack.mitre.org/) easier.\n\nIt offers:\n- A question tree with pagination of results (structures your progress)\n- Technique search + filtering options\n- Suggestions of other techniques that may have occurred\n\nDecider does not intend to replace the ATT\u0026amp;CK site - but rather, it acts as a complementary tool that leads you there in the end. Only information assisting mapping is included.\n\n## :computer: In-App Screenshots\n\n### :deciduous_tree: Question Tree\n\n\\(*you are here*\\)**\\[Matrix \u003e Tactic\\]** \u003e Technique \u003e SubTechnique\n![Decider's Question Tree Page](./docs/imgs/question-tree-3.0.0.png)\n\n### :mag: Full Technique Search\n\nBoolean expressions, prefix-matching, and stemming included.\n![Decider's Full Technique Search Page](./docs/imgs/full-search-3.0.0.png)\n\n## Installation\n\n### :whale: Docker\n\n**Best option for 99% of people**\n\n```bash\ngit clone https://github.com/cisagov/decider.git\ncd decider\ncp .env.docker .env\n# edit .env - define DB_ADMIN_PASS, DB_KIOSK_PASS, CART_ENC_KEY, APP_ADMIN_PASS\n# no default passwords are given :)\ncp -r default_config/. config/\nsudo docker compose up\n```\n\nThen visit the link once started (default: http://localhost:8001/).\n![Decider on Docker Boot Terminal Output](./docs/imgs/docker-started-3.0.0.png)\n\n#### Config Made Easy\n\nChanging `config/`? Just:\n\n```bash\nsudo docker compose stop\nsudo docker compose start\n```\n\nHowever, changing variables in .env requires\n\n```bash\nsudo docker compose up\n```\n\nwhich will recreate containers with modified environments\n\n#### HTTPS / URL\n\n##### Endpoint Determination (.env vars):\n\n- `WEB_HTTPS_ON=''` -\u003e http://`WEB_IP`:`WEB_PORT`/\n- `WEB_HTTPS_ON='anything'` -\u003e https://`WEB_IP`:`WEB_PORT`/\n\n##### HTTPS Cert Location\n\n- Write these 2 files to set SSL up:\n  - config/certs/decider.key\n  - config/certs/decider.crt\n- If either file is missing, a self-signed cert is generated and used instead\n\n### :technologist: Manual Install\n\n#### :warning: Instructions out of date\n\n- Docker is the preferred method of install\n- The manual install instructions require adjustments if followed\n  - You need Python 3.12+ (instructions mention Python 3.8.16, which **will not** work :warning:)\n  - You may need PostgreSQL 16 (instructions mention PostgreSQL 12+, which ***should*** work)\n\n#### Ubuntu 22.04\n\n[Ubuntu Install Guide](docs/install/Ubuntu_22.04.2.md)\n\n#### CentOS 7\n\n[CentOS Install Guide](docs/install/CentOS_7.md)\n\n#### Pip Requirements Note\n\n##### For Everyone\n```bash\npip install -r requirements-pre.txt\npip install -r requirements.txt\n```\n\n##### For Developers\n```bash\npip install -r requirements-dev.txt\npre-commit install\n```\n\n#### Other OSes\n\nRead the Ubuntu \u0026amp; CentOS guides and recreate actions according to your platform.\n\n##### Windows\n\n`open()` in Python uses the system's default text encoding\n- This is `utf-8` on macOS and Linux\n- This is `windows-1252` on Windows\n  - This causes issues in reading the jsons for the database build process\n  - Adding `encoding='utf-8'` as an arg in each `open()` ***may*** allow Windows deployment\n\n##### macOS\n\n(M1 users at least) Make sure to (1) install Postgres before (2, 3) installing the pip requirements\n1. `brew install postgresql`\n2. `pip install -r requirements-pre.txt`\n3. `pip install -r requirements.txt`\n\n## :gear: Requirements\n\n*as of April 24th, 2023*\n\n### Software\n\n#### Docker\n\nExact required version(s) unspecified.\n- An up-to-date version of Docker and Docker Compose should be used.\n- `docker compose` should work, whereas `docker-compose` is outdated.\n\n#### Manual\n\n- Operating System\n  - CentOS 7+\n  - Ubuntu 22.04.2+\n  - Fedora 37+ works fine *\\(earlier versions should work too\\)*\n- Python 3.12+ (instructions mention Python 3.8.16, which **will not** work :warning:)\n- PostgreSQL 16 (instructions mention PostgreSQL 12+, which ***should*** work)\n\n### Hardware\n\n#### Suggested Specs\n\n- 1-2 Cores\n- 1-2 GB Memory\n- 20 GB Disk Space\n\nDecider has not yet been tested against many concurrent users (this is soon to change).  \nBut it is extremely lightweight - it sits at roughly 250MB of RAM total for both containers (`docker stats`).  \nIt does peak during the build process where sources are loaded into RAM, hitting 375MB or so.\n\n## :judge: ATT\u0026amp;CK\u0026reg; Data Disclaimer\n\nJSONs under default_config/build_sources/enterprise-attack are pulled from https://github.com/mitre-attack/attack-stix-data/tree/master/enterprise-attack\n\n\u0026copy; 2023 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.\n\n## Appendix A: Updating ATT\u0026amp;CK Content on Decider 1/2\n\n### :whale: Docker Update Instructions\n\n```bash\n# (in repo root)\n\n# pull v13 content\ngit pull\n\n# remove containers (DB data is safe)\nsudo docker compose down\n\n# rebuild images (v13 files copy-over)\nsudo docker compose up --build\n\n# add version\nsudo docker exec decider-web python -m app.utils.db.actions.add_version --config DefaultConfig --version v13.0\n```\n\n### :technologist: Manual Update Instructions\n\n```bash\n# (install root, same as repo root, contains app/ folder)\ncd /opt/decider/1.0.0\n\n# use decider app-user, with app venv, for add_version script\nsudo -u decider -g decider /opt/decider/python3.8.10/bin/python3.8 -m app.utils.db.actions.add_version --config DefaultConfig --version v13.0\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisagov%2Fdecider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcisagov%2Fdecider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisagov%2Fdecider/lists"}