Define an attack mode/method
- Updated Jan 30, 2025
- Yokohama
- Threat Intelligence
Attack modes and methods are imported with STIX data, but you can add new modes/methods, as needed.
Before you begin
Role required: sn_ti.admin
Procedure
- Navigate to All > Threat Intelligence > IoC Repository > Attack Mode/Method.
- Click New.
- Fill in the fields on the form, as appropriate.

| Field | Description |
| --- | --- |
| Select classification tag | If you set up and activated classification tags to add metadata to the record, you can select one or more tags to specify the degree of sensitivity of the attack mode/method. If you did not set up or activate classification tags, this drop-down list is not displayed. |
| Title | Enter a descriptive name for this attack mode/method. |
| Malware Type | Select the malware type for this attack mode/method. The available malware types are retrieved from the vendor server as STIX data. |
| Source | Select the threat data source for this attack mode/method. Some data sources are included with the base system. You can create new data sources as needed. |
| Attack mechanism | Select the attack mechanism for this attack mode/method. Attack mechanisms represent the different techniques used to attack a system. The available attack mechanisms are retrieved from the vendor server as STIX data. |
| First Seen | This date is retrieved from the vendor server as STIX data. |
| Last Seen | This date is retrieved from the vendor server as STIX data. |
| Threat Actor Type | Select the threat actor type for this attack mode/method. Threat actor types characterize malicious actors (or adversaries) representing a cyber attack threat, including presumed intent and historically observed behavior. The available threat actor types are retrieved from the vendor server as STIX data. |
| Description | Enter a description of the attack mode/method. |
| Handling | Enter instructions for how to handle this attack mode/method. |
| Intended effect | Enter the intended effect of this type of attack. |

- Right-click in the form header and click Save.
You can open any of the following related lists to view additional information.

| Related List | Description |
| --- | --- |
| Related Indicators | Lists related Indicators of Compromise (IoC) that have been identified by the threat source. |
| Child Attack mode/method | Lists attack modes/methods that are children of the parent attack mode/method. |
| Associated Tasks | Lists changes associated with the parent attack mode/method. |
Related Content
- Add an IoC to an attack mode/method
In addition to importing indicators as STIX data, you can add IoCs to an attack mode/method manually.
- Add a related attack mode method
In addition to importing attack modes/methods as STIX data, you can add related attack modes/methods manually.
- Add associated task to an attack mode/method
In addition to importing associated tasks (such as changes and incidents) as STIX data, you can add them to an attack mode/method manually.