docs(ttp): add TTP tagging design (order-of-work step 1)

Browse Source

Pre-implementation spec for the TTP-tagging worker. Defines the
ATT&CK-canonical vocabulary, schema (ttp_tag + ttp_rule[_state]),
bus topics, worker shape, lifter layering (rule-based v0,
behavioral/intel/email v0.5, sigma/biometric later), confidence
model, API surface, UI surface, observability, performance targets,
and a CDD plan (Appendix E) that splits contracts from tests with
xfail discipline so CI stays green between steps.

...

This commit is contained in:

anti

2026-05-01 06:02:56 -04:00

parent 9e003d3acd

commit d09764beec

1 changed files with 2864 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2864

development/TTP_TAGGING.md Normal file

File diff suppressed because it is too large Load Diff