Threat Model
STRIDE analysis + MITRE ATT&CK mapping based on your live findings.
STRIDE categories
| Letter | Name | What it covers |
|---|---|---|
| S | Spoofing | Attacker impersonates a user, device, or service |
| T | Tampering | Malicious modification of data or code |
| R | Repudiation | Attacker denies actions (missing audit logs) |
| I | Information Disclosure | Sensitive data exposed |
| D | Denial of Service | Service availability degraded |
| E | Elevation of Privilege | Attacker gains higher privileges |
How it works
- Pull RICE-scored findings (checks + software vulns)
- Map each finding to STRIDE + ATT&CK technique IDs
- Aggregate: risk level per category, top findings
- Display as cards + technique list
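The map-and-aggregate steps above, sketched as an added example (not the product's own code). The check IDs, the `CHECK_MAP` table, the finding fields and the rollup rules are assumptions made for illustration; the ATT&CK technique IDs are real.

```python
from collections import defaultdict

RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed mapping (not the tool's own): check id -> (STRIDE letters, ATT&CK technique ID)
CHECK_MAP = {
    "unpatched_web_server": ("TE", "T1190"),  # Exploit Public-Facing Application
    "waf_missing": ("T", "T1190"),
    "weak_password_policy": ("S", "T1110"),   # Brute Force
    "audit_log_disabled": ("R", "T1562"),     # Impair Defenses
}

# Constructed sample findings; "rice" stands for a precomputed RICE score
FINDINGS = [
    {"check": "unpatched_web_server", "status": "fail", "severity": "critical", "rice": 84.0},
    {"check": "waf_missing", "status": "pass", "severity": "medium", "rice": 20.0},
    {"check": "weak_password_policy", "status": "fail", "severity": "high", "rice": 45.5},
    {"check": "audit_log_disabled", "status": "not_applicable", "severity": "medium", "rice": 0.0},
    {"check": "unlisted_check", "status": "fail", "severity": "low", "rice": 3.0},
]

def rollup(statuses):
    """Collapse per-check statuses into one technique status."""
    live = [s for s in statuses if s != "not_applicable"]
    if not live:
        return "not_applicable"
    if len(set(live)) == 1 and live[0] in ("pass", "fail"):
        return live[0]
    return "partial"  # mixed results across the mapped checks

def build_threat_model(findings, check_map=CHECK_MAP, top_n=3):
    stride = defaultdict(lambda: {"risk": "none", "top": []})
    statuses, tech_sev, unmapped = defaultdict(list), defaultdict(lambda: "none"), []
    for f in findings:
        if f["check"] not in check_map:
            unmapped.append(f["check"])  # surface mapping gaps instead of hiding them
            continue
        letters, tid = check_map[f["check"]]
        statuses[tid].append(f["status"])
        if f["status"] != "fail":
            continue  # only failing checks contribute risk
        tech_sev[tid] = max(tech_sev[tid], f["severity"], key=RANK.get)
        for letter in letters:
            cat = stride[letter]
            cat["risk"] = max(cat["risk"], f["severity"], key=RANK.get)
            cat["top"].append((f["rice"], f["check"]))
    for cat in stride.values():  # keep the highest-RICE findings per category
        cat["top"] = [c for _, c in sorted(cat["top"], reverse=True)[:top_n]]
    techniques = {t: {"status": rollup(s), "severity": tech_sev[t]} for t, s in statuses.items()}
    return {"stride": dict(stride), "techniques": techniques, "unmapped": unmapped}
```

Findings with no entry in the mapping table are returned under `unmapped` so a coverage gap in the mapping is visible rather than silently lowering the reported risk.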
MITRE ATT&CK coverage
For each technique found:
- Technique name + ID (e.g. T1190 Exploit Public-Facing Application)
- Tactic (Initial Access, Execution, etc.)
- Severity from aggregated findings
- Status: `pass` / `fail` / `partial` / `not_applicable`
- Remediation steps from mapped checks
Why it matters
Helps security teams:
- Communicate risk to management (STRIDE is accessible)
- Plan defense-in-depth (ATT&CK phases)
- Justify budget requests with concrete mappings
- Track improvement over time