Define an attack mode/method

Attack modes and methods are imported with STIX data, but you can add new modes/methods, as needed.

Before you begin

Role required: sn_ti.admin

Procedure

  1. Navigate to Threat Intelligence > IoC Repository > Attack Mode/Method.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    | Field | Description |
    |---|---|
    | Select classification tag | If you set up and activated classification tags to add metadata to the record, you can select one or more tags to specify the degree of sensitivity of the attack mode/method. If you did not set up or activate classification tags, this drop-down list is not displayed. |
    | Title | Enter a descriptive name for this attack mode/method. |
    | Malware Type | Select the malware type for this attack mode/method. The available malware types are retrieved from the vendor server as STIX data. |
    | Source | Select the threat data source for this attack mode/method. Some data sources are included with the base system. You can create new data sources as needed. |
    | Attack mechanism | Select the attack mechanism for this attack mode/method. Attack mechanisms represent the different techniques used to attack a system. The available attack mechanisms are retrieved from the vendor server as STIX data. |
    | First Seen | This date is retrieved from the vendor server as STIX data. |
    | Last Seen | This date is retrieved from the vendor server as STIX data. |
    | Threat Actor Type | Select the threat actor type for this attack mode/method. Threat actor types characterize malicious actors (or adversaries) representing a cyber attack threat, including presumed intent and historically observed behavior. The available threat actor types are retrieved from the vendor server as STIX data. |
    | Description | Enter a description of the attack mode/method. |
    | Handling | Enter instructions for how to handle this attack mode/method. |
    | Intended effect | Enter the intended effect of this type of attack. |
  4. Right-click in the form header and click Save.

    You can open any of the following related lists to view additional information.

    | Related List | Description |
    |---|---|
    | Related Indicators | Lists related Indicators of Compromise (IoC) that have been identified by the threat source. |
    | Child Attack mode/method | Lists attack modes/methods that are children of the parent attack mode/method. |
    | Associated Tasks | Lists changes associated with the parent attack mode/method. |