Recipe

Attack-tree builder for a target system

Model threat paths hierarchically — root goal, intermediate nodes, leaf tactics — then assign cost, skill, and detection ratings to each branch.

Structure

Every tree starts with a single root node representing the adversary's ultimate objective. Children decompose that goal into AND/OR sub-goals. Leaves are concrete TTPs mapped to MITRE ATT&CK.

Attributes

  • cost — estimated USD or effort-hours
  • skill — none, low, medium, high, nation-state
  • detection — likelihood of triggering alerts (1–5)
  • mitigation — linked control or countermeasure

Scoring

Aggregate leaf attributes upward. Branches with low cost, low skill, and low detection surface are priority remediation targets. Export as JSON for integration with risk registers.

Quick start

  1. Define the root goal (e.g. “exfiltrate customer DB”)
  2. Add AND children for required preconditions
  3. Add OR children for alternative paths
  4. Attach leaf TTPs with attributes
  5. Run the scoring pass to highlight weakest links
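
The quick-start steps and the scoring pass, as an added example that is not this tool's own code. The helper names, the weakest_path field and the sample values are hypothetical. The aggregation rules are assumptions, since the page does not fix them: an AND node sums cost and takes the highest skill and detection of its children, and an OR node takes its cheapest child.

```python
import json

SKILL = ["none", "low", "medium", "high", "nation-state"]  # the page's skill scale, in order

def leaf(name, ttp, cost, skill, detection, mitigation):
    return {"name": name, "ttp": ttp, "cost": cost, "skill": skill,
            "detection": detection, "mitigation": mitigation}

def node(name, gate, *children):  # gate is "AND" or "OR"
    return {"name": name, "gate": gate, "children": list(children)}

def score(n):
    """Scoring pass: annotate n in place, return (cost, skill rank, detection, leaf path)."""
    if "children" not in n:
        result = (n["cost"], SKILL.index(n["skill"]), n["detection"], [n["name"]])
    else:
        kids = [score(c) for c in n["children"]]
        if n["gate"] == "AND":  # every child is required: sum cost, highest skill and detection
            result = (sum(k[0] for k in kids), max(k[1] for k in kids),
                      max(k[2] for k in kids), [name for k in kids for name in k[3]])
        else:  # OR (assumed rule): adversary takes the cheapest, then easiest, then quietest child
            result = min(kids, key=lambda k: k[:3])
        n.update(cost=result[0], skill=SKILL[result[1]], detection=result[2])
    n["weakest_path"] = result[3]
    return result

def sample_tree():
    # Constructed sample; costs, ratings and mitigations are illustrative values.
    return node("exfiltrate customer DB", "AND",
        node("obtain DB access", "OR",
            leaf("phish DBA credentials", "T1566", 500, "low", 2, "phishing-resistant MFA"),
            leaf("exploit public-facing app", "T1190", 4000, "high", 4, "patch SLA + WAF")),
        leaf("exfiltrate over C2 channel", "T1041", 200, "medium", 3, "egress filtering"))

def export(tree):
    """Score the tree and return it as JSON for a risk register."""
    score(tree)
    return json.dumps(tree, indent=2)

if __name__ == "__main__":
    print(export(sample_tree()))
```

The root's weakest_path lists the leaves whose mitigations should be reviewed first; raising the cost or detection rating of any leaf on it changes the root score on the next pass.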