FIREWATCH//CTIOPERATIONS CONSOLE
INTEL FEED
REPORT EXTRACTOR
SCAN → TTP
ATTRIBUTION
APT PROFILES
COMPARE
HUNT PLAN
PROFILE MATCH
CASES
BLAST RADIUS
⌂ HOME ATT&CK:
INITIALIZING FIREWATCH // CTI
connecting to MITRE ATT&CK…
Select observed TTPs from the left panel — attribution updates live.

ATTRIBUTION PROBABILITY (naive-Bayes over ATT&CK group–technique mappings)?

NO OBSERVABLES SELECTED
Select techniques observed in your intrusion to begin attribution.
Tip: rare techniques (low group count on the right of each row) carry the most attribution weight.

GROUP DOSSIER ✕ CLOSE
SECTOR:
⚑ Priority Intel Requirements:
⚙ Org profile:
sector:
INTEL FEED IDLE
Threat Reports pulls live from 30+ credible sources (CISA, Talos, Unit 42, Mandiant, DFIR Report…), auto-extracts TTPs + IOCs, and flags anything matching your Priority Intel Requirements.

Switch to Vulnerabilities for live CVEs (NVD + CISA KEV + EPSS) ranked by risk to your sector.

Pick your sector and hit INGEST.
THREAT REPORT INPUT
◈ SEMANTIC MODEL
EXTRACTED TECHNIQUES
No analysis yet.
THREAT GROUPS
Select a group to open its dossier.
COMPARE:
VULNERABILITY INPUT
◈ NESSUS SCAN (.nessus / .xml)
— OR PASTE CVEs —
◈ CVE LIST
CVE → TECHNIQUE MAP
No scan mapped yet. Import a Nessus file or paste CVEs, then map.
HUNT SOURCE
OBSERVED TECHNIQUES
HUNT PLAN
THREAT PROFILES
BUILD A PROFILE
SAVED
COMPARE TARGET:
Build or import a profile, then compare a scan or selection to it.