This repository provides a Plotly Dash application for cybersecurity analysts to interactively explore attack paths within the MITRE ATT&CK Enterprise matrix. It loads ATT&CK data from a local STIX 2.1 file and allows analysts to build and confirm probable paths across tactics and techniques.
- Renders the full ATT&CK Enterprise matrix as an interactive grid.
- Click a technique to highlight potential previous and next steps based on tactic order and ATT&CK relationships.
- Confirm a traversal path and export it as YAML for use in incident notes.
- Lightweight modular code separated into data loading and matrix utilities.
- Clone the repository and optionally create a virtual environment:

  ```bash
  python3 -m venv venv
  source venv/bin/activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Download ATT&CK data: download `enterprise-attack.json` from the MITRE CTI repo and place it under `data/`. See `data/README.md` for details.

- Run the application:

  ```bash
  python dash_app.py
  ```

  Open the printed local URL in your browser to interact with the matrix.
After selecting techniques, click Confirm Path to lock your traversal. The confirmed path is shown in YAML format and can be copied into notes or reports.
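The feature list says clicking a technique highlights likely previous and next steps based on tactic order. The sketch below is an added example, not this repository's code: it shows the tactic-order half of that idea over ATT&CK STIX objects, assuming "previous/next" means the adjacent matrix columns. The function names and the sample objects are constructed for illustration.

```python
MITRE = "mitre-attack"  # kill_chain_name ATT&CK uses in STIX kill_chain_phases

def tactic_order(objects):
    """Tactic shortnames in matrix column order (x-mitre-matrix tactic_refs)."""
    by_id = {o["id"]: o for o in objects if o["type"] == "x-mitre-tactic"}
    matrix = next(o for o in objects if o["type"] == "x-mitre-matrix")
    return [by_id[ref]["x_mitre_shortname"] for ref in matrix["tactic_refs"]]

def techniques_by_tactic(objects):
    """Map tactic shortname -> technique names, skipping revoked/deprecated ones."""
    grid = {}
    for o in objects:
        if o["type"] != "attack-pattern" or o.get("revoked") or o.get("x_mitre_deprecated"):
            continue
        for phase in o.get("kill_chain_phases", []):
            if phase["kill_chain_name"] == MITRE:
                grid.setdefault(phase["phase_name"], set()).add(o["name"])
    return grid

def neighbours(objects, technique):
    """Candidate (previous, next) techniques from every column the technique is in."""
    order, grid = tactic_order(objects), techniques_by_tactic(objects)
    prev, nxt = set(), set()
    for i, tactic in enumerate(order):
        if technique not in grid.get(tactic, ()):
            continue
        if i > 0:
            prev |= grid.get(order[i - 1], set())
        if i + 1 < len(order):
            nxt |= grid.get(order[i + 1], set())
    return sorted(prev - {technique}), sorted(nxt - {technique})

def _ap(n, name, phases, **extra):
    # Helper for the constructed sample: attack-pattern with a placeholder STIX id.
    kcp = [{"kill_chain_name": MITRE, "phase_name": p} for p in phases]
    return {"type": "attack-pattern", "id": f"attack-pattern--{n}", "name": name,
            "kill_chain_phases": kcp, **extra}

# Constructed sample shaped like a bundle's "objects" list; all ids are placeholders.
TACTICS = ["initial-access", "execution", "persistence"]
SAMPLE = (
    [{"type": "x-mitre-matrix", "id": "x-mitre-matrix--0",
      "tactic_refs": [f"x-mitre-tactic--{i}" for i in range(len(TACTICS))]}]
    + [{"type": "x-mitre-tactic", "id": f"x-mitre-tactic--{i}", "x_mitre_shortname": s}
       for i, s in enumerate(TACTICS)]
    + [_ap(1, "Phishing", ["initial-access"]),
       _ap(2, "Command and Scripting Interpreter", ["execution"]),
       _ap(3, "Scheduled Task/Job", ["execution", "persistence"]),
       _ap(4, "Retired Technique", ["execution"], revoked=True)]
)
```

To try it on real data, pass the `objects` list from the `enterprise-attack.json` bundle in place of `SAMPLE`.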
See LICENSE.