Community-assisted intelligence

Improve the record.

AttackTrace accepts structured source, mapping, and detection suggestions attached to intelligence objects. This is a review system, not a chat room.

Contribution types

What belongs here

Source suggestion

Add a primary advisory, vendor report, government note, incident write-up, or research source that changes evidence quality.

Mapping correction

Challenge an ATT&CK or ATLAS relationship when the cited evidence does not support the mapped behavior.

Detection context

Suggest telemetry requirements, detection caveats, false-positive notes, or coverage gaps tied to a record.

Review model

How suggestions become intelligence

  1. 01

    Submitted

    A structured suggestion is attached to a CVE, threat activity brief, campaign, technique, or detection record.

  2. 02

    Triaged

    AttackTrace checks scope, duplicate status, source quality, and whether the claim is safe to review.

  3. 03

    Reviewed

    Domain reviewers evaluate whether the evidence supports the proposed change.

  4. 04

    Accepted or disputed

    Accepted changes update the record. Disputed changes remain visible as source-backed uncertainty when useful.

Quality bar

What does not belong

No actor attribution unless the source directly supports it.

No inferred techniques from prerequisites or adjacent conditions.

No offensive how-to content, exploit walkthroughs, or lab instructions.

No general discussion threads detached from an intelligence record.

No AI-generated claims without source traceability and human review.