Control Validation Compass


Threat Alignment Threat Model Lookup by Controls TTP Research Knowledge Center

Click Line It Up! to immediately begin exploring controls & tests related to an example threat: Trickbot, a prolific malware. Or modify your threat model, control stack, and other options below to highly customize your results.

Categorized Threats (Motive, Location, Industry)

Choose one or multiple criteria, then select a single adversary or threat category from the right-hand menu. Selecting multiple criteria will narrow your search (usually desired).

Lookup by adversary motive

Lookup by victim industry (scroll for more)

Lookup by adversary or victim location

Adversary Base

Victim Location (Scroll for more)

Select an entire threat category:

No adversaries match selected criteria

No adversaries match selected criteria
Recent Intelligence

View the full library of recent adversary TTP intelligence heatmaps and source content.

Consider using this handy script to easily generate TTP heatmap files from open-source intel reports!

Input Your Own Data

Navigator json contents can also be pasted into the text box below

Threat Model for:


You can complete just the Threat Modeling half of this workflow (with additional visuals!) here

Control Stack

Toggle the controls & testing capabilities used in your environment or otherwise relevant to you. Click the triangles to reveal options within each category.

Policy/Process Controls


Defensive Capabilities

Network & Endpoint Telemetry - Native Controls
Network & Endpoint Telemetry - Third-Party Rule Repositories
Network Telemetry
Endpoint Telemetry

Offensive Capabilities

Unit Tests

Advanced Options
The output has the following settings by default. You can modify them as desired to expand or further refine the techniques covered: