Attack modes and methods Attack modes and methods, sometimes referred to as Tactics, Techniques, and Procedures (TTPs), are representations of how cyber adversaries behave. They characterize what these adversaries do and how they do it, in increasing levels of detail. For example, an attack mode/method might be to use malware to steal credit card credentials. Or another, related tactic (at a lower level of detail) might be to send targeted emails with attachments that contain malicious code, which executes upon opening, captures credit card information from keystrokes, and uses http to communicate with a command and control server to transfer information. Define an attack mode/methodAttack modes and methods are imported with STIX data, but you can add new modes/methods, as needed.Add an IoC to an attack mode/methodIn addition to importing indicators as STIX data, you can add IoCs to an attack mode/method manually.Add a related attack mode methodIn addition to importing attack modes/methods as STIX data, you can add related attack modes/methods manually.Add associated task to an attack mode/methodIn addition to importing associated tasks (such as changes and incidents) as STIX data, you can add them to an attack mode/method manually.