Abstract
Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it. While frameworks like MITRE ATT&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical, end-to-end integration of both static and dynamic mappings across the threat intelligence landscape. To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.
Cite
Krijnen, Y. A., Simonetto, S., Oostveen, R., Bosch, P., & Jonker, W. (2025). ThreatCompass: A Tool for Identifying and Mapping Security Issues to TTPs. In LAMPS 2025 - Proceedings of the 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis (pp. 58–67). Association for Computing Machinery, Inc. https://doi.org/10.1145/3733800.3763265