Skip to content

v1.4.1 — Docs: TTP-focus framing fix

Choose a tag to compare

@jayelbotvibe-web jayelbotvibe-web released this 05 Jul 08:47
d1e3245

Docs-only patch

Clarifies that Purple Loop validates behavioral/TTP detections, not IOCs. MISP and CISA KEV are prioritization inputs to threat-intel-arbiter, which passes ATT&CK techniques — not hashes, IPs, or domains — to Purple Loop.

Changes:

  • README: sharpen 'threats' → 'techniques' in Why this exists and two-repo sections
  • README: add Design decisions / scope section (Pyramid of Pain rationale)
  • DESIGN.md §10: arbiter passes techniques, Purple Loop validates behavioral detections
  • docs/index.html: arbiter DATA says 'emits techniques (not IOCs)'

The code was always correct — these edits make the docs match reality.

What's Changed

  • docs: clarify TTP-focus — MISP/KEV are prioritization inputs, not IOC feeds by @jayelbotvibe-web in #48

Full Changelog: v1.1.1...v1.4.1