Two-headed brother of Cerberus — Orthrus links two worlds: your vulnerability findings and the attacker's playbook.
A CVE number tells you something is broken — it doesn't tell you what an adversary does with it. Detection engineers and threat-informed defenders think in techniques and tactics, but vulnerability data arrives stripped of that context, leaving two teams staring at the same finding in two different languages.
Orthrus fetches the live MITRE ATT&CK→CVE mapping and tags each CVE in your navi.db with its impact and technique. Every finding gains an attacker's-eye label — which technique it enables, what the adversary gets — so vulnerability data finally speaks the language of threat-informed defense.
Orthrus pulls the ATT&CK→CVE mapping live, matches it against the CVEs in your local navi.db, and proposes technique and impact tags. All writes are proposed, human-approved, and logged.
Illustrative demo-lab context — not a guarantee. Technique coverage is bounded by the public ATT&CK→CVE mapping; not every CVE has a mapped technique, and Orthrus doesn't pretend otherwise.
Orthrus pairs naturally with Laelaps — KEV says “exploited,” ATT&CK says “here's the play” — and feeds On the Scent, where technique context enriches the executive exposure view.
Orthrus is for threat-informed defense programs mapping coverage to techniques, and for detection engineers who want to know which techniques their unpatched estate actually enables.
Ask Orthrus what your CVEs mean to an attacker — both heads are already watching.