FissionOps is a self-hosted incident response platform built for cyber operations teams. Kill chain visualisation, full MITRE ATT&CK coverage, real-time collaboration, and intelligence enrichment — in a single deployable package.
Map attacker activity across Lockheed Martin Cyber Kill Chain, MITRE ATT&CK Enterprise, and MITRE ATT&CK ICS simultaneously. Every incident stage is tracked, visualised, and linked to specific TTPs.
Designed for responders, not managers. Every feature is there because analysts asked for it.
Visualise the relationships between hosts, users, processes, and network connections. Build a live graph of the attacker's footprint as the investigation progresses.
Assign ATT&CK techniques to every observed behaviour. Supports Enterprise and ICS matrices. Search, filter, and export TTP mappings for reporting or sharing with CISA.
Automatically enrich IOCs against VirusTotal, AbuseIPDB, and Shodan. See reputation scores, geolocation, open ports, and historical context without leaving the incident.
Flag IPs, domains, hashes, and email addresses as indicators of compromise. Track IOC status, add analyst notes, and export in STIX/TAXII or plain CSV for blocking.
Multiple analysts work the same incident simultaneously. Live updates, activity feeds, task assignment, and inline comments — no more emailing spreadsheets between shifts.
Generate board-ready executive summaries from the incident timeline automatically. Technical appendices, TTP mappings, IOC lists, and remediation recommendations included. Export to PDF in one click.
FissionOps is designed to run inside your perimeter. Your incident data never leaves your environment. Deploy in minutes with Docker Compose — no cloud dependency required.
# Deploy FissionOps in one command git clone https://github.com/nullvector/fissionops cd fissionops cp .env.example .env # Edit .env with your config docker compose up -d # FissionOps running on https://localhost:8443 ✓ Platform ready in <60 seconds
Single command deployment. All services containerised and pre-configured. Runs on any Linux host with Docker installed — on-premise, air-gapped, or private cloud.
Native SAML 2.0 and OIDC support. Connect FissionOps to your existing identity provider and enforce MFA through your current policies.
Fully operational without internet access. Intelligence enrichment falls back gracefully when external APIs are unavailable. Designed for sensitive and classified environments.
Granular RBAC with predefined roles for Analyst, Senior Analyst, Team Lead, and read-only Executive. Custom roles configurable via the admin panel.
Request a demo or get in touch to discuss licensing and deployment options for your organisation.