DuckIntel / Security Tools
Interactive MITRE ATT&CK Enterprise matrix with 14 tactics and 150+ techniques. Map detection coverage, color techniques, search by ID or name, and export coverage layers.
The MITRE ATT&CK Navigator is an interactive browser-based version of the MITRE ATT&CK Enterprise matrix. It displays all 14 tactics and 150+ techniques used by real-world threat actors, organized in the standard matrix format. Click any technique to see a description, associated sub-techniques, detection guidance, and suggested SIEM queries for hunting that behavior in your environment.
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is the industry-standard framework for describing attacker behavior. Red teams use it to plan realistic simulations. Blue teams use it to assess detection coverage and prioritize defenses. Threat intelligence analysts use it to map IOCs and TTPs from incident reports to the framework, enabling comparison across campaigns and attribution analysis.
The DuckIntel ATT&CK Navigator lets you color each technique based on your detection coverage: green for covered, yellow for partial, and red for a gap. You can export your coverage layer as JSON to share with your team or import existing layers. The search feature lets you find techniques by ID (T1059) or name (Command and Scripting Interpreter), and filter by tactic to focus on a specific phase of the attack lifecycle.
Related tools
SIEM Query BuilderThreat Hunt PlaybooksAnalyst SimulationsThreat Dashboard
Part of DuckIntel.io — 59 free browser-based security tools for SOC analysts. No login. No tracking. 100% client-side.