Security Incident-Identification Schema

Identifying Security Incidents Related to Advanced Persistent Threats (APTs)

Group Categorization

• MITRE ATT&CK Groups

• FireEye APT Groups

Group Reviews

• Pauli APT Review

• Peerlyst APT Wiki

Recent Incidents

• Malpedia

General Source: VERIS Community

Identifying Threats Using Patterns:

• Actor: [Individual or entity responsible for the threat]

• Action: [Actions taken or methods used by the threat actor]

• Asset: [Targeted resources or information]

• Attribute: [Characteristics or properties related to the incident]

Action Framework Structured Threat Information eXpression (STIX) Source: STIX Project

KILL CHAIN MAPPING Information list for KILL CHAIN MAPPING Source: Lockheed Martin - Intel Driven Defense

Prioritized Defended Asset List (PDAL) List and prioritize assets to defend Source: