MITRE ATT&CK - Interactive Map Basics
The MITRE Map is a lightweight, analyst‑oriented visualization of the MITRE ATT&CK Enterprise matrix. It helps you explore adversary behaviors, select techniques, and quickly reuse them in detection engineering workflows (Sigma, YARA, SIEM rules, etc.).
1. Understanding the MITRE matrix
The MITRE ATT&CK framework models real‑world adversary behavior using:
- Tactics - the attacker’s high‑level goals (columns)
- Techniques - how those goals are achieved (Txxxx)
- Sub‑techniques - more granular variants (Txxxx.xxx)
In this map, tactics are displayed as columns and techniques are listed underneath. Sub‑techniques can be expanded on demand.
2. Technique interaction & selection
Each technique tile is fully interactive:
- Hover or click to view a quick description and metadata
- Select one or multiple techniques to build a working set
- Expand parents to reveal sub‑techniques
Selected techniques remain highlighted and are tracked in a persistent counter at the top of the page.
3. Using URL parameters (deep‑linking)
The MITRE Map supports URL‑based pre‑selection. This allows seamless integration with other tools such as Sigma or YARA builders.
Supported parameter
?t= — comma‑separated list of MITRE technique IDs
Example:
/mitre/map?t=T1059,T1566
- Techniques are automatically selected on page load
- Sub‑techniques auto‑expand their parent technique
- The selection counter is updated immediately
4. Export & reuse
Once techniques are selected, they can be reused instantly:
- Copy as plain list (T1059, T1566, …)
- Copy as structured JSON
- Copy as Sigma / YARA compatible tags
This enables fast pivoting between threat modeling and detection engineering.
Design philosophy
This MITRE Map is intentionally minimal. It focuses on speed, clarity and interoperability rather than full ATT&CK Navigator feature parity. The goal is to stay close to analyst workflows, not to replace MITRE tooling.