Incident Response
MITRE ATT&CK Severity Mapper
Classify the activity, gauge impact and urgency, then land on a defensible P0–P4 outcome grounded in CAPE and NIST guidance.
1. Submit data for analysis
Summarise the case, keep sensitive details out, then send it for automated ATT&CK mapping.
Keep it short; ATT&CK techniques are suggested automatically.
2. Review masked data
Validate the auto-masked summary before it leaves the browser for automated analysis.
Auto-masking removes obvious identifiers, but sensitive data may still remain. Review carefully and never submit PII, secrets, or regulated content to external analysis services.
Run the automated analysis to generate a masked summary for review.
3. Review automatically selected TTPs
Use AI recommendations and catalogue search to confirm the correct ATT&CK context.
Selecting a result syncs the tactic and technique pickers automatically.
4. Assess impact
Describe the blast radius, privilege level, data sensitivity, and containment status.
5. Set urgency
Choose the response tempo required to keep the situation contained.
6. Review & act
Confirm the CAPE × NIST baseline, see the impact and urgency adjustments, then apply the recommended actions.
- Baseline (CAPE × NIST): P4
- Impact vectors: 0
- Final severity: P4
Recommendations & mitigations
Impact × urgency reference
Use the matrix to sanity-check severity after applying impact vectors and urgency.