Community-assisted intelligence
Improve the record.
AttackTrace accepts structured source, mapping, and detection suggestions attached to intelligence objects. This is a review system, not a chat room.
Contribution types
What belongs here
Source suggestion
Add a primary advisory, vendor report, government note, incident write-up, or research source that changes evidence quality.
Mapping correction
Challenge an ATT&CK or ATLAS relationship when the cited evidence does not support the mapped behavior.
Detection context
Suggest telemetry requirements, detection caveats, false-positive notes, or coverage gaps tied to a record.
Review model
How suggestions become intelligence
- 01
Submitted
A structured suggestion is attached to a CVE, threat activity brief, campaign, technique, or detection record.
- 02
Triaged
AttackTrace checks scope, duplicate status, source quality, and whether the claim is safe to review.
- 03
Reviewed
Domain reviewers evaluate whether the evidence supports the proposed change.
- 04
Accepted or disputed
Accepted changes update the record. Disputed changes remain visible as source-backed uncertainty when useful.
Quality bar
What does not belong
No actor attribution unless the source directly supports it.
No inferred techniques from prerequisites or adjacent conditions.
No offensive how-to content, exploit walkthroughs, or lab instructions.
No general discussion threads detached from an intelligence record.
No AI-generated claims without source traceability and human review.