Tool 06b BETA
Detection Workbench v2
Kill chain coverage tracking, multi-dimensional confidence scoring, and maturity programme management.
🔗
Import detected — ready to load. Select entry point below and click Start.
Programme Identity
Entry Point — How are you loading techniques?
Manual
Start blank. Add techniques to each stage manually.
From Profile
Load prioritised techniques from the ATT&CK Threat Profiler.
From Threat Actor
Load techniques from a specific threat actor's known TTPs.
Import Session
Continue from a previously exported v2 session JSON file.
Frameworks in scope
Enterprise ATT&CK
ICS / OT ATT&CK
MITRE ATLAS
OWASP LLM Top 10
Kill chain stages in scope — partial chains fully supported
Platforms in scope
Windows
Linux
macOS
Cloud / IaaS
Containers
Network
SaaS
PRE (Recon)
Detection Scenario
Manual
⭐ Build Priority Queue
Maturity Trend
Load multiple session files to compare progress over time.
No comparison sessions loaded. Export your current session, then load it alongside a future session to see maturity trends.
Coverage Summary
0
Total
0
Confirmed
0
High
0
Medium
0
Low/None
🗺️ Send to Heatmap Builder
Export confidence scores as an ATT&CK Navigator layer — colour-coded by band — and open in the Heatmap Builder.
Executive Summary
Stage RAG breakdown, overall programme score, top blind spots, and recommended next steps. No T-codes — suitable for non-technical stakeholders.
Purple Team Scope Report
Techniques to emulate by stage, expected detections to fire (blue team focus), and confirmed blind spots (red team focus).
Hunting Backlog
Prioritised list of techniques at Low/Not Ready with high threat intel frequency. Manual hunting queries without formal rule deployment.
Detection-as-Code JSON
Structured export per technique: confidence scores, log sources, CAR reference, Sigma YAML, AI templates. Designed for CI/CD pipeline consumption.
Sigma Templates
Vendor-agnostic Sigma rule skeletons. Community rules where available, AI-generated where not. Field placeholders for analyst completion.
Session JSON — Save Progress
Complete session state including all confidence scores, notes, and templates. Re-import to continue tracking. Use as input to the Trend view.