Skip to content
@center-for-threat-informed-defense

The Center for Threat-Informed Defense

An R&D organization focused on advancing the state of the art and the state of the practice in threat-informed defense.
README.md

Changing the Game on the Adversary

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally.

Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations.

THE RESULTS OF OUR RESEARCH & DEVELOPMENT PROJECTS ARE FREELY AVAILABLE TO THE PUBLIC.

Pinned Loading

  1. mappings-explorer mappings-explorer Public

    Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. These mappings form a…

    Jinja 93 15

  2. adversary_emulation_library adversary_emulation_library Public

    An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

    C 2.1k 357

  3. attack-flow attack-flow Public

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flow…

    TypeScript 729 122

  4. summiting-the-pyramid summiting-the-pyramid Public

    Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

    Makefile 57 4

  5. attack-workbench-frontend attack-workbench-frontend Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user in…

    TypeScript 414 73

  6. tram tram Public

    TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.

    Jupyter Notebook 558 112

Repositories

Showing 10 of 33 repositories
  • attack-workbench-rest-api Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects.

    center-for-threat-informed-defense/attack-workbench-rest-api’s past year of commit activity
    JavaScript 55 Apache-2.0 18 46 2 Updated Apr 14, 2026
  • fight-fraud-framework Public
    center-for-threat-informed-defense/fight-fraud-framework’s past year of commit activity
    Vue 12 Apache-2.0 0 1 2 Updated Apr 14, 2026
  • attack-workbench-frontend Public

    An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.

    center-for-threat-informed-defense/attack-workbench-frontend’s past year of commit activity
    TypeScript 414 Apache-2.0 73 102 12 Updated Apr 8, 2026
  • attack-powered-suit Public

    ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, context menus, and ATT&CK Navigator integration.

    center-for-threat-informed-defense/attack-powered-suit’s past year of commit activity
    JavaScript 82 Apache-2.0 15 6 1 Updated Mar 19, 2026
  • summiting-the-pyramid Public

    Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research includes a scoring model, methodology, and worked examples.

    center-for-threat-informed-defense/summiting-the-pyramid’s past year of commit activity
    Makefile 57 Apache-2.0 4 1 1 Updated Mar 2, 2026
  • mappings-explorer Public

    Mappings Explorer enables cyber defenders to understand how security controls and capabilities map onto the adversary behaviors catalogued in the MITRE ATT&CK® knowledge base. These mappings form a bridge between the threat-informed approach to cybersecurity and the traditional security controls perspective.

    center-for-threat-informed-defense/mappings-explorer’s past year of commit activity
    Jinja 93 Apache-2.0 15 0 3 Updated Mar 2, 2026
  • inform Public
    center-for-threat-informed-defense/inform’s past year of commit activity
    Makefile 0 Apache-2.0 0 0 0 Updated Jan 8, 2026
  • mappings-editor Public

    Mappings Editor is an interactive, web-based tool created by the Center for Threat-Informed Defense for creating mappings of security capabilities to MITRE ATT&CK®. This tool is available as a public beta.

    center-for-threat-informed-defense/mappings-editor’s past year of commit activity
    TypeScript 15 Apache-2.0 3 1 1 Updated Dec 18, 2025
  • attack-sync Public

    ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® version updates into their internal systems and processes.

    center-for-threat-informed-defense/attack-sync’s past year of commit activity
    Python 24 Apache-2.0 6 2 0 Updated Dec 5, 2025
  • attack-flow Public

    Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.

    center-for-threat-informed-defense/attack-flow’s past year of commit activity
    TypeScript 729 Apache-2.0 122 20 4 Updated Nov 14, 2025
View all repositories

Top languages

Loading…

Most used topics

Loading…