As a user of the ATT&CK Navigator, I want to be able to define and visualize ordered sequences of techniques in a layer. This capability can be used for tracking the "path" of an attack as it moves between techniques, for highlighting different techniques during a presentation, or other as-of-yet unidentified use cases.

Data Structure

In a layer, the technique sequence can be defined using the following data structure. Each item in the sequence is a list of Techniques that are "active" during that step.

"sequence": [
    [{
        "techniqueID": "T1548",
        "tactic": "privilege-escalation",
    }],
    [{
        "techniqueID": "T1134",
        "tactic": "defense-evasion",
        "comment": "comment to be displayed during this step of the sequence. The technique is also be scored or colored differently during this step of the sequence",
        "score": 25,
        "color": "#aaffaa"
    }],
    [{
        "techniqueID": "T1548",
        "tactic": "privilege-escalation",
        "comment": "techniques can be visited multiple times during the sequence"
    }],
    [
        {
            "techniqueID": "T1055.004",
            "tactic": "defense-evasion",
            "comment": "multiple techniques can be active during a step",
        }
        {
            "techniqueID": "T1053",
            "tactic": "execution",
            "comment": "this technique is also active during this step",
        }
    ]
]

Visualization

• The annotations defined on the techniques of a step supersede the annotations otherwise present on the techniques, and can be displayed alongside them in the UI within the tooltip, e.g "score | score during step 5". Annotations like color and score-assigned-color override the original color entirely.
• If only one technique is defined on the step, and the technique includes annotations, force-show the tooltip for that technique.
• The active techniques should also be highlighted in the UI by colored border or callout a la d3-annotation. A simple colorful border like this may be sufficient:
  
• If a sub-technique is active during the step, it's parent should be automatically expanded to show it, and once it becomes inactive, the parent should collapse to keep the UI as uncluttered as possible.

Playback

There should be a playback panel for stepping through the sequence. The playback panel should include step controls to move forward and backwards, a control to allow the user to enter the step number manually, and a "restart" button to jump to the start of the sequence. There should also be options for how the steps are visualized, e.g the highlight color, whether tooltips are force-shown, and the expansion/collapsing of techniques when sub-techniques are present on a step.

Possible extensions

• Should the user be able to group steps somehow? E.g a user might want to show a label that says "the adversary is trying to do X" during steps 5-8 but that isn't associated with any specific technique.