ttp-mapper
The ttp-mapper is an AI-driven tool designed to analyze and map tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework within Canva automated security workflows. It enhances threat intelligence processes by providing strategic analysis of threat reports and associating tools with applicable techniques.
Ideal Use Cases & Fit
This tool excels in environments requiring detailed threat actor analysis, particularly when analyzing threat reports in various formats such as PDF, TXT, or MD. It is ideal for use cases involving the mapping of threat actors to their techniques, enabling teams to understand attack patterns and better defend against potential threats. It is less applicable in scenarios where extensive strategic analysis is unnecessary or where immediate tool detection is required without contextual analysis.
Value in Workflows
Integrating ttp-mapper within security workflows offers significant value by facilitating early reconnaissance and threat assessment phases. By automating the mapping of TTPs to MITRE techniques, it allows security teams to streamline their intelligence assessments. It can also play a vital role in post-processing, where detailed insights can inform mitigation strategies and enhance overall cybersecurity posture.
Input Data
The ttp-mapper accepts the following input data:
- Format: PDF, TXT, or MD files (threat reports)
- Function: Analyze threat reports for TTP mapping
- Required fields: None
- Example:
report1.pdf,report2.txt
Configuration
- threat-actor: Identify and analyze articles pertaining to a specific threat actor from Zynap's source repositories. Accepts both canonical names and known aliases (e.g. "APT28" or "Fancy Bear" will return the same results).
- web-reports: Provide a list of up to ten comma-separated URLs or GitHub repositories for in-depth analysis.
- tram-only: Specify whether to skip the strategic analysis stage, omitting AI-driven kill chains and mitigations.

Updated: 2026-03-04