MEET THE HOUNDS

ORTHRUS

MITRE ATT&CK Tagging
Orthrus Hound · Category: Threat & Exposure
“Turn raw CVEs into adversary-technique context.”

Two-headed brother of Cerberus — Orthrus links two worlds: your vulnerability findings and the attacker's playbook.

THE PROBLEM

A CVE number tells you something is broken — it doesn't tell you what an adversary does with it. Detection engineers and threat-informed defenders think in techniques and tactics, but vulnerability data arrives stripped of that context, leaving two teams staring at the same finding in two different languages.

WHAT IT DOES

Orthrus fetches the live MITRE ATT&CK→CVE mapping and tags each CVE in your navi.db with its impact and technique. Every finding gains an attacker's-eye label — which technique it enables, what the adversary gets — so vulnerability data finally speaks the language of threat-informed defense.

KEY CAPABILITIES

  • Live ATT&CK→CVE mapping fetch — pulls the current public mapping at run time, so technique tags reflect today's adversary knowledge rather than a snapshot from last quarter.
  • Per-CVE technique and impact tags — each finding is labeled with what it actually lets an adversary do — the context that turns a CVE number into a defensive decision.
  • Attacker's-eye framing on your own data — technique context lands directly on the findings you already track, not in a separate feed someone has to remember to read.
  • Gated writes — technique tags are proposed, human-approved, and logged like every other write in the pack.

HOW IT WORKS

Orthrus pulls the ATT&CK→CVE mapping live, matches it against the CVEs in your local navi.db, and proposes technique and impact tags. All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Attacker's-eye framing on top of your findings — not another threat feed to read, but context attached to the vulns you already track.
  • Complements KEV: Laelaps tells you a vuln is proven exploited; Orthrus tells you how it's used — proof and technique together.
  • Bridges two teams — vuln management and detection engineering finally sort the same list the same way.

PROOF POINTS

  • Runs across the same reference environment of 268 assets as the rest of the pack, layering technique context onto the estate's findings — including the 2,631 KEV findings Laelaps surfaced.

Illustrative demo-lab context — not a guarantee. Technique coverage is bounded by the public ATT&CK→CVE mapping; not every CVE has a mapped technique, and Orthrus doesn't pretend otherwise.

WORKS BETTER WITH

Orthrus pairs naturally with Laelaps — KEV says “exploited,” ATT&CK says “here's the play” — and feeds On the Scent, where technique context enriches the executive exposure view.

WHO IT'S FOR

Threat-informed defense programs mapping coverage to techniques, and detection engineers who want to know which techniques their unpatched estate actually enables.

CALL TO ACTION

Ask Orthrus what your CVEs mean to an attacker — both heads are already watching.

THE HOUNDS — a human-in-the-loop security agent pack for Tenable VM / Tenable One.
Gated writes · Evidence-first · Honest about coverage