{{ report_title }}

Cybersecurity Threat Analysis Report

📊 Threat Statistics

{% if summary_stats %}
  • Total Threats {{ summary_stats.total_threats }}
  • Average Severity {{ "%.2f"|format(summary_stats.average_severity) }}
  • Max Severity {{ "%.2f"|format(summary_stats.max_severity) }}
  • Min Severity {{ "%.2f"|format(summary_stats.min_severity) }}
  • Severity Distribution
    {% for level, count in summary_stats.severity_distribution.items() %}
    {{ level }} {{ count }}
    {% endfor %}
{% endif %}

🎯 MITRE Techniques

  • Techniques Mapped {{ total_mitre_techniques_mapped }}

🛡️ STRIDE Distribution

    {% for k, v in stride_distribution.items() if k | lower != 'unknown' %}
  • {{ k }} {{ v }}
    {% endfor %}
{% if all_threats and summary_stats %}
{% set known_threats = all_threats | rejectattr('severity.level', 'equalto', 'UNKNOWN') | rejectattr('stride_category', 'equalto', 'Unknown') | list %}
{% set sorted_threats = known_threats | sort(attribute='severity.score', reverse=True) %}
{% set critical_count = known_threats | selectattr('severity.level', 'equalto', 'CRITICAL') | list | length %}
{% set high_count = known_threats | selectattr('severity.level', 'equalto', 'HIGH') | list | length %}

📋 Executive Summary

  • Max Risk Score {{ "%.1f"|format(summary_stats.max_severity) }}
  • Avg Risk Score {{ "%.1f"|format(summary_stats.average_severity) }}
  • Critical Threats {{ critical_count }}
  • High Threats {{ high_count }}
  • Total Threats {{ known_threats | length }}

🔥 Top 5 Threats by Severity

# Target STRIDE Severity Description
{% for threat in sorted_threats[:5] %}
{{ loop.index }} {{ threat.target }} {{ threat.stride_category }} {{ threat.severity.level }} ({{ "%.1f"|format(threat.severity.score) }}) {{ threat.description | truncate(130) }}
{% endfor %}

🎯 Risk Matrix

Threats plotted by Impact (Y-axis, derived from severity score) vs Likelihood (X-axis, derived from risk signals: CVE match + high-risk CWE + network exposure). Hover over a dot for details.

[Risk matrix chart: Impact ↑ (Y) vs ← Likelihood → (X); legend: Critical, High, Medium, Low]
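As an added worked example (not code from this report template or from the tool that generates it), the following Python places each threat on the matrix the way the text above describes: Y from the severity score, X from how many of the three risk signals fired. The 0-10 severity scale, the equal weighting of the three signals, the bucket thresholds, the quadrant labels, the `Threat` class and the sample threats are all assumptions made for the example; only the `risk_signals` key names come from the report's Risk Signals column.

```python
from dataclasses import dataclass, field

# Assumed: severity.score is on a 0-10 scale; bucket floors are illustrative and
# must match whatever the severity engine actually uses.
IMPACT_BUCKETS = (("Critical", 9.0), ("High", 7.0), ("Medium", 4.0), ("Low", 0.0))

# Key names are the ones the report's Risk Signals column reads; equal weights assumed.
LIKELIHOOD_SIGNALS = ("cve_match", "cwe_high_risk", "network_exposed")


@dataclass
class Threat:                      # assumed shape, not the tool's own threat type
    target: str
    stride_category: str
    score: float                   # severity.score
    risk_signals: dict = field(default_factory=dict)


def impact_bucket(score: float) -> str:
    """Map a severity score to the matrix's Y-axis bucket."""
    for label, floor in IMPACT_BUCKETS:
        if score >= floor:
            return label
    return "Low"


def likelihood(threat: Threat) -> float:
    """Fraction of the likelihood signals that fired, 0.0 .. 1.0."""
    hits = sum(1 for key in LIKELIHOOD_SIGNALS if threat.risk_signals.get(key))
    return hits / len(LIKELIHOOD_SIGNALS)


def matrix_point(threat: Threat) -> dict:
    """One dot on the matrix: X = likelihood, Y = severity, plus the flags the row shows."""
    return {
        "target": threat.target,
        "stride": threat.stride_category,
        "x": likelihood(threat),
        "y": threat.score,
        "impact": impact_bucket(threat.score),
        # The report's ⛔D3F flag: no D3FEND mitigation is mapped to this threat.
        "no_d3fend": not threat.risk_signals.get("d3fend_mitigations"),
    }


def quadrant(threat: Threat) -> str:
    """Coarse triage label (assumed cut-offs): top-right of the matrix is 'act now'."""
    high_impact = impact_bucket(threat.score) in ("Critical", "High")
    likely = likelihood(threat) >= 2 / 3          # at least two of three signals
    if high_impact and likely:
        return "act now"
    if high_impact:
        return "plan fix"
    if likely:
        return "monitor"
    return "accept or defer"


def triage_order(threats):
    """Top-right quadrant first, then by score; a missing D3FEND mapping breaks ties."""
    return sorted(
        threats,
        key=lambda t: (quadrant(t) == "act now", t.score, likelihood(t),
                       not t.risk_signals.get("d3fend_mitigations")),
        reverse=True,
    )


# Constructed sample threats (not taken from any real model). "D3-ACH" stands in
# for a mapped D3FEND technique; the template only tests the list for truthiness.
SAMPLE_THREATS = [
    Threat("Web API", "Tampering", 9.2,
           {"cve_match": True, "cwe_high_risk": False, "network_exposed": True,
            "d3fend_mitigations": []}),
    Threat("Internal DB", "Elevation of Privilege", 8.1,
           {"cve_match": False, "cwe_high_risk": False, "network_exposed": False,
            "d3fend_mitigations": ["D3-ACH"]}),
    Threat("Auth Service", "Spoofing", 5.5,
           {"cve_match": True, "cwe_high_risk": True, "network_exposed": True,
            "d3fend_mitigations": []}),
]

if __name__ == "__main__":
    for t in triage_order(SAMPLE_THREATS):
        print(f"{quadrant(t):15} {matrix_point(t)}")
```

The internal, unexposed database lands in "plan fix" despite a High impact, while the medium-severity auth service with every signal lit lands in "monitor"; that is the point of plotting two axes rather than sorting on severity alone.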
{% endif %}
{% if completeness is defined and completeness %}
{% set _grade_colors = {"A": "#166534", "B": "#1d4ed8", "C": "#b45309", "D": "#c2410c", "F": "#b91c1c"} %}
{% set _grade_color = _grade_colors.get(completeness.grade, "#4b5563") %}
📋 Model Completeness {{ completeness.grade }} · {{ completeness.score_int }}%

A higher completeness score improves threat detection accuracy, AI enrichment quality, and severity scoring.

Check Score Wt Hint
{% for check in completeness.checks %}
{% set _row_color = "#166534" if check.score >= 1.0 else ("#b45309" if check.score >= 0.5 else "#b91c1c") %}
{{ check.label }} {% if check.is_boolean %} {{ "✓" if check.score >= 1.0 else "✗" }} {% else %} {{ check.pct }}% ({{ check.passed }}/{{ check.total }}) {% endif %} {{ check.weight }} {{ check.hint }}
{% endfor %}
{% endif %}
{% if ciso_triage and ciso_triage.posture_score is defined %}
{% set _posture_colors = {"CRITICAL": "#b91c1c", "HIGH": "#c2410c", "ELEVATED": "#b45309", "MODERATE": "#1d4ed8", "LOW": "#166534"} %}
{% set _posture_label = ciso_triage.posture_label | upper if ciso_triage.posture_label else "UNKNOWN" %}
{% set _posture_color = _posture_colors.get(_posture_label, "#4b5563") %}

🎯 CISO Risk Briefing

Posture {{ ciso_triage.posture_score }} / 10 · {{ _posture_label }}

{{ ciso_triage.narrative }}

{% if ciso_triage.top_findings %}

Top Findings

    {% for finding in ciso_triage.top_findings %}
  {{ loop.index }}. {{ finding.title }} {% if finding.threat_ids %}{{ finding.threat_ids | join(", ") }}{% endif %}
     {{ finding.detail }}
    {% endfor %}
{% endif %}
{% if ciso_triage.quick_wins %}

Quick Wins

Action Impact Effort Addresses
{% for qw in ciso_triage.quick_wins %}
{% set _imp_colors = {"HIGH": "#b91c1c", "MEDIUM": "#b45309", "LOW": "#166534"} %}
{% set _eff_colors = {"HIGH": "#b91c1c", "MEDIUM": "#b45309", "LOW": "#166534"} %}
{{ qw.action }} {{ qw.impact }} {{ qw.effort }} {{ qw.addresses | join(", ") if qw.addresses else "" }}
{% endfor %}
{% endif %}
{% endif %}
{% if attack_id_validation is defined and attack_id_validation and attack_id_validation.has_issues %}

⚠️ ATT&CK ID Validation

{{ attack_id_validation.total_techniques_checked }} technique IDs checked against the local ATT&CK corpus. {% if attack_id_validation.n_invalid %}{{ attack_id_validation.n_invalid }} invalid{% endif %} {% if attack_id_validation.n_revoked %} · {{ attack_id_validation.n_revoked }} revoked{% endif %} {% if attack_id_validation.n_deprecated %} · {{ attack_id_validation.n_deprecated }} deprecated{% endif %}

{% set _issue_colors = {"invalid": "#b91c1c", "revoked": "#c2410c", "deprecated": "#b45309"} %}
Technique ID Issue Threat Target
{% for issue in attack_id_validation.all_issues %}
{% if issue.issue_type != "invalid" %} {{ issue.technique_id }} {% else %} {{ issue.technique_id }} {% endif %} {{ issue.label }} {{ issue.threat_id }} — {{ issue.threat_name[:60] }} {{ issue.threat_target }}
{% endfor %}
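Added example, not the tool's own validator: one way to produce the counts and the issue rows this section renders from a threat list and a local ATT&CK corpus. The corpus below is a constructed four-entry stand-in carrying only the two status flags an ATT&CK STIX attack-pattern object has (`revoked`, `x_mitre_deprecated`); the threat record shape, the issue labels, the ID regex and the upper-casing of hand-typed IDs are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed stand-in for the local ATT&CK corpus: technique id -> name plus the
# two STIX status flags. A real run would load these from the ATT&CK STIX bundle.
LOCAL_ATTACK_CORPUS = {
    "T1190":     {"name": "Exploit Public-Facing Application", "revoked": False, "deprecated": False},
    "T1078.004": {"name": "Valid Accounts: Cloud Accounts",   "revoked": False, "deprecated": False},
    "T1086":     {"name": "PowerShell",                       "revoked": True,  "deprecated": False},
    "T1064":     {"name": "Scripting",                        "revoked": False, "deprecated": True},
}

# Technique IDs are T + four digits with an optional .NNN sub-technique suffix.
# Tactic IDs (TA0001), CAPEC and CWE ids deliberately fail this and count as invalid.
TECHNIQUE_ID_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")

ISSUE_LABELS = {                   # assumed wording for the Issue column
    "invalid": "Not a technique ID in the local corpus",
    "revoked": "Revoked: remap to its replacement technique",
    "deprecated": "Deprecated: no longer maintained",
}


def classify_technique_id(technique_id, corpus=LOCAL_ATTACK_CORPUS):
    """Return 'invalid', 'revoked', 'deprecated', or None for a clean ID."""
    if not TECHNIQUE_ID_RE.match(technique_id) or technique_id not in corpus:
        return "invalid"
    entry = corpus[technique_id]
    if entry["revoked"]:
        return "revoked"
    if entry["deprecated"]:
        return "deprecated"
    return None


def validate_attack_ids(threats, corpus=LOCAL_ATTACK_CORPUS):
    """Build the structure the ATT&CK ID Validation section renders."""
    issues, counts, checked = [], Counter(), 0
    for threat in threats:
        for raw_id in threat["mitre_techniques"]:
            checked += 1
            technique_id = raw_id.strip().upper()   # tolerate 't1086' from hand-edited mappings
            issue_type = classify_technique_id(technique_id, corpus)
            if issue_type is None:
                continue
            counts[issue_type] += 1
            issues.append({
                "issue_type": issue_type,
                "technique_id": technique_id,
                "label": ISSUE_LABELS[issue_type],
                "threat_id": threat["id"],
                "threat_name": threat["name"],
                "threat_target": threat["target"],
            })
    return {
        "total_techniques_checked": checked,
        "n_invalid": counts["invalid"],
        "n_revoked": counts["revoked"],
        "n_deprecated": counts["deprecated"],
        "all_issues": issues,
        "has_issues": bool(issues),
    }


# Constructed threat records (assumed shape; only the fields this section uses).
SAMPLE_THREATS = [
    {"id": "THR-001", "name": "SQL injection in order lookup", "target": "Web API",
     "mitre_techniques": ["T1190", "T9999", "TA0001"]},
    {"id": "THR-002", "name": "Stolen cloud service credentials", "target": "IAM",
     "mitre_techniques": ["T1078.004", "t1086"]},
    {"id": "THR-003", "name": "Macro-enabled document dropper", "target": "Workstation",
     "mitre_techniques": ["T1064", "T1190"]},
]

if __name__ == "__main__":
    result = validate_attack_ids(SAMPLE_THREATS)
    print(result["total_techniques_checked"], "checked;",
          result["n_invalid"], "invalid,", result["n_revoked"], "revoked,",
          result["n_deprecated"], "deprecated")
    for issue in result["all_issues"]:
        print(issue["technique_id"], issue["label"], issue["threat_id"], sep=" | ")
```

Revoked entries are worth treating differently from invalid ones: in the STIX bundle a revoked object carries a `revoked-by` relationship to its replacement, so the mapping can be repaired automatically rather than dropped.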
{% endif %}
{% if threat_graph is defined and threat_graph and threat_graph.nodes %}

🕸️ Threat Graph

Interactive attack-surface map: click a node to list its threats. Node colour = highest severity among the node's threats (CRITICAL / HIGH / MEDIUM / LOW / No threats). Node shape: ⬡ Server, ○ Actor. Edge style: solid = encrypted, dashed = plaintext.
{% endif %}
{% if attack_chains %}
{% set _max_chains = 10 %}

⛓️ Attack Chain Analysis

Each row represents a potential pivot chain: an attacker compromises the Entry Point component via its highest-severity threat, then traverses the dataflow to exploit the Target component. Chains are ranked by average severity. {% if attack_chains|length > _max_chains %} Showing top {{ _max_chains }} of {{ attack_chains|length }} chains. {% endif %}

# Chain Score Entry Point Dataflow / Protocol Target Entry Threat Pivot Threat
{% for chain in attack_chains[:_max_chains] %}
{% set label_lower = chain.chain_label | lower %}
{{ loop.index }} {{ chain.chain_label }} ({{ "%.1f"|format(chain.chain_score) }}) {{ chain.source_name }} {{ chain.dataflow_name }} {% if chain.protocol %}
{{ chain.protocol }}{% endif %}
{{ chain.sink_name }}
{{ chain.entry_threat.stride_category }}
{{ chain.entry_threat.description | truncate(100) }}
{{ chain.pivot_threat.stride_category }}
{{ chain.pivot_threat.description | truncate(100) }}
{% endfor %}
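Added example (not the report's or the generating tool's own code) of computing the chain rows this table iterates, following the rule the section states: the entry point is compromised through its highest-severity threat, the attacker traverses one dataflow, and the target is exploited through its highest-severity threat; the chain score is the average of the two severities and chains are ranked descending. The `Threat` and `Dataflow` classes, the sample model, the arrow-style chain label, the extra `weakest_link` field and the 0-10 severity scale are assumptions made for the example; the output keys are the ones the template reads.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:                     # assumed shape
    target: str                   # component the threat is attached to
    stride_category: str
    description: str
    score: float                  # severity.score, assumed 0-10


@dataclass(frozen=True)
class Dataflow:                   # assumed shape
    name: str
    source: str                   # component the data leaves
    sink: str                     # component the data arrives at
    protocol: str = ""
    encrypted: bool = False


def worst_threat(threats, component):
    """Highest-severity threat on a component, or None if it has none."""
    on_component = [t for t in threats if t.target == component]
    return max(on_component, key=lambda t: t.score, default=None)


def build_attack_chains(threats, dataflows, max_chains=10):
    """One candidate pivot chain per dataflow, ranked by average severity."""
    chains = []
    for flow in dataflows:
        entry = worst_threat(threats, flow.source)
        pivot = worst_threat(threats, flow.sink)
        if entry is None or pivot is None:
            continue              # nothing to compromise on one end: not a chain
        chains.append({
            "chain_label": f"{entry.stride_category} → {pivot.stride_category}",
            "chain_score": (entry.score + pivot.score) / 2,
            # Averaging hides a hard first hop; keep the weaker score visible for tie-breaks.
            "weakest_link": min(entry.score, pivot.score),
            "plaintext_hop": not flow.encrypted,
            "source_name": flow.source,
            "dataflow_name": flow.name,
            "protocol": flow.protocol,
            "sink_name": flow.sink,
            "entry_threat": entry,
            "pivot_threat": pivot,
        })
    chains.sort(key=lambda c: (c["chain_score"], c["weakest_link"]), reverse=True)
    return chains[:max_chains]


# Constructed sample model (not a real system).
SAMPLE_THREATS = [
    Threat("Browser", "Spoofing", "Session fixation on the login form", 6.0),
    Threat("Web API", "Tampering", "Unvalidated JSON body lets a caller alter order totals", 8.5),
    Threat("Web API", "Information Disclosure", "Verbose stack traces returned to clients", 4.0),
    Threat("Database", "Elevation of Privilege", "Application account holds the DBA role", 9.0),
    Threat("Log Collector", "Repudiation", "Application user can truncate its own audit log", 5.0),
]
SAMPLE_DATAFLOWS = [
    Dataflow("api-call", "Browser", "Web API", "HTTPS", encrypted=True),
    Dataflow("db-query", "Web API", "Database", "TCP/5432"),
    Dataflow("ship-logs", "Web API", "Log Collector", "syslog/UDP"),
    Dataflow("backup", "Database", "Backup Store", "HTTPS", encrypted=True),  # sink has no threats
]

if __name__ == "__main__":
    for i, c in enumerate(build_attack_chains(SAMPLE_THREATS, SAMPLE_DATAFLOWS), 1):
        print(i, c["chain_label"], f"({c['chain_score']:.1f})",
              c["source_name"], "->", c["dataflow_name"], "->", c["sink_name"])
```

With this model the `db-query` hop ranks first (8.5 and 9.0 average to 8.75) and the `backup` flow produces no row because its sink carries no threats; the ranking is a triage heuristic, not an exploitability proof, since it assumes every dataflow is traversable once its source is compromised.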
{% endif %}
{% if gdaf_scenarios %}
⚡ GDAF Attack Scenarios ({{ gdaf_scenarios | length }} Goal-Driven Attack Flows)

Objective-based attack paths computed by the Goal-Driven Attack Flow engine. Each scenario models a complete adversary journey from entry point to high-value target, with MITRE ATT&CK techniques assigned per hop. Sorted by path score (highest risk first).

# Risk Objective Actor Attack Path Score Hops Detection
{% for s in gdaf_scenarios %}
{% set row_class = 'gdaf-row' + (' gdaf-unacceptable' if s.unacceptable_risk else '') %}
{{ loop.index }} {{ s.risk_level }}
{{ s.objective }}
{% if s.objective_description %}
{{ s.objective_description | truncate(80) }}
{% endif %}
{{ s.actor }}
{{ s.actor_sophistication }}
{{ s.path }} {{ s.score }} {{ s.hop_count }} {{ "%.0f%%"|format(s.detection_coverage * 100) }}
{% endfor %}
{% endif %}
📖 Severity Calculation Explained

{{ severity_calculation_note }}

Legend:
* : Indicates a CAPEC or MITRE mapping was manually added to improve relevance.
: Indicates a mitigation has been implemented (as defined in the implemented mitigations file).

{% if not all_threats %}

✅ No threats identified

No threats were identified by the current analysis. Read this as a statement about the model as analysed, not as proof that the system is secure: an incomplete model yields fewer threats, not a safer system.

{% else %}
{% for value in unique_targets %} {% endfor %}

🔍 Detailed Threat Analysis

{% if unique_targets %}
{% endif %}
{% if unique_business_values or all_threats %}
{% endif %}
{% for category in stride_categories %} {% endfor %}
{% for category in stride_categories %}
# Target Business Value Source Description Conf. CVEs Severity Risk Signals CAPEC MITRE Techniques MITRE Mitigations D3FEND Mitigations CIS Mitigations NIST Mitigations OWASP Mitigations Detection (SOC)
{% for threat in all_threats if threat.stride_category == category %}
{% set ar = threat.accepted_risk if threat.accepted_risk is defined else none %}
{{ loop.index }}
{{ threat.target }} {{ threat.business_value if threat.business_value else 'N/A' }}
{{ threat.source if threat.source else 'pytm' }}
{{ threat.description }} {% if ar %}
{{ ar.decision | replace('_', ' ') | upper }} {% if ar.rationale %} {{ ar.rationale }} {% endif %} {% if ar.reviewer %} — {{ ar.reviewer }} {% endif %} {% if ar.expires %} (expires {{ ar.expires }}) {% endif %}
{% endif %}
{{ threat.threat_key }}
{% if threat.confidence is not none %} {{ "%.2f"|format(threat.confidence) }} {% else %} N/A {% endif %}
{% if threat.cve %} {% endif %}
{{ threat.severity.level }} ({{ "%.1f"|format(threat.severity.score) }})
{% set rs = threat.risk_signals if threat.risk_signals is defined else {} %}
{% if rs.get('cve_match') %}CVE{% endif %} {% if rs.get('cwe_high_risk') %}CWE⚠{% endif %} {% if rs.get('network_exposed') %}NET{% endif %} {% if not rs.get('d3fend_mitigations') %}⛔D3F{% else %}D3F{% endif %}
{% if threat.capecs %} {% endif %}
{% set all_mitre_mitigations = [] %}
{% for tech in threat.mitre_techniques %}{% for mitigation in tech.mitre_mitigations %}{% do all_mitre_mitigations.append(mitigation) %}{% endfor %}{% endfor %}
{% if all_mitre_mitigations %}
    {% for mitigation in all_mitre_mitigations %}
  • {{ mitigation.id }}: {{ mitigation.name }}
    {% endfor %}
{% else %}
  • No specific MITRE mitigations found.
{% endif %}
{% set all_defend_mitigations = [] %}
{% for tech in threat.mitre_techniques %}{% for mitigation in tech.defend_mitigations %}{% do all_defend_mitigations.append(mitigation) %}{% endfor %}{% endfor %}
{% if all_defend_mitigations %}
    {% for mitigation in all_defend_mitigations %}{% if mitigation.id %}
  • {{ mitigation.id }}: {{ mitigation.name }}
    {% endif %}{% endfor %}
{% else %}
  • No specific D3FEND mitigations found.
{% endif %}
{% set all_cis_mitigations = [] %}
{% for tech in threat.mitre_techniques %}{% for mitigation in tech.cis_mitigations %}{% do all_cis_mitigations.append(mitigation) %}{% endfor %}{% endfor %}
{% if all_cis_mitigations %}
    {% for mitigation in all_cis_mitigations %}
  • {{ mitigation.name }}
    {% endfor %}
{% else %}
  • No specific CIS mitigations found.
{% endif %}
{% set all_nist_mitigations = [] %}
{% for tech in threat.mitre_techniques %}{% for mitigation in tech.nist_mitigations %}{% do all_nist_mitigations.append(mitigation) %}{% endfor %}{% endfor %}
{% if all_nist_mitigations %}
    {% for mitigation in all_nist_mitigations %}
  • {{ mitigation.name }}
    {% endfor %}
{% else %}
  • No specific NIST mitigations found.
{% endif %}
{% set all_owasp_mitigations = [] %}
{% for tech in threat.mitre_techniques %}{% for mitigation in tech.owasp_mitigations %}{% do all_owasp_mitigations.append(mitigation) %}{% endfor %}{% endfor %}
{% if all_owasp_mitigations %}
    {% for mitigation in all_owasp_mitigations %}
  • {{ mitigation.name }}
    {% endfor %}
{% else %}
  • No specific OWASP mitigations found.
{% endif %}
{% set soc = threat.soc_analysis if threat.soc_analysis is defined else none %}
{% if soc %}
🔍 {{ soc.detectability | upper }}
{% if soc.missing_logs %}
Missing logs ({{ soc.missing_logs | length }})
    {% for log in soc.missing_logs %}
  • {{ log }}
    {% endfor %}
{% endif %}
{% if soc.siem_rules %}
SIEM rules ({{ soc.siem_rules | length }})
{% for rule in soc.siem_rules %}
{{ rule.title }}
{{ rule.logic }}
{% endfor %}
{% endif %}
{% if soc.iocs %}
IOCs ({{ soc.iocs | length }})
    {% for ioc in soc.iocs %}
  • {{ ioc }}
    {% endfor %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}