Security Incident-Identification Schema

Last updated 1 year ago

Identifying Security Incidents Related to Advanced Persistent Threats (APTs)

Start with the group behind the activity, using the sources listed at the end of this page:

  • Group Categorization: which tracked APT group (or activity cluster) the observed tradecraft matches

  • Group Reviews: published analyses of that group's tooling, infrastructure and targeting

  • Recent Incidents: the group's latest reported campaigns, to compare against what is being seen now

Identifying Threats Using Patterns (the four A's of the VERIS model):

  • Actor: who acted against the asset (external group, insider or partner)

  • Action: what the actor did to the asset (malware, hacking, social engineering, misuse, error, and so on)

  • Asset: which resources or information were targeted or affected

  • Attribute: how the asset was affected, that is, which of confidentiality, integrity or availability was lost

Prioritized Defended Asset List (PDAL): list the assets to defend and rank them, so that an incident against a high-ranked asset is triaged before one against a low-ranked asset (source listed below).

Action Framework: Structured Threat Information eXpression (STIX), the structured language for recording and sharing threat intelligence, including threat actors, the attack patterns they use and the kill-chain phase each pattern belongs to (source listed below).

Kill Chain Mapping: place every observed action on the Lockheed Martin Cyber Kill Chain (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives) to see how far an intrusion has progressed and how much time remains to contain it (source listed below).
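The four A's, the PDAL, the STIX framing and the kill-chain mapping fit together as one small schema. The block below is an added Python example, not code from this guide or from any of the projects it links; the action vocabulary, the asset ranks, the group name and the incident records are constructed assumptions, and the STIX output follows the 2.1 object shapes (threat-actor, attack-pattern with kill_chain_phases, relationship, bundle) using only the standard library rather than the stix2 package.

```python
"""Incident-identification schema as code: VERIS-style A4 records, triage
against a Prioritized Defended Asset List, Lockheed Martin kill-chain
mapping and STIX 2.1-shaped export. Added example; all data is constructed."""
import json
import uuid
from dataclasses import dataclass
from datetime import datetime, timezone

# The seven Lockheed Martin phases, spelled as STIX 2.1 phase_name values
# under the kill_chain_name the STIX specification reserves for that chain.
KILL_CHAIN_NAME = "lockheed-martin-cyber-kill-chain"
KILL_CHAIN_PHASES = (
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command-and-control", "actions-on-objectives",
)

# Assumed action vocabulary -> phase; a real deployment uses its own detection names.
ACTION_TO_PHASE = {
    "port-scan": "reconnaissance",
    "phishing-email": "delivery",
    "macro-execution": "exploitation",
    "scheduled-task-persistence": "installation",
    "beacon": "command-and-control",
    "data-exfiltration": "actions-on-objectives",
}

# Assumed PDAL: asset -> rank, 1 is most critical; unlisted assets sort last.
PDAL = {"domain-controller": 1, "finance-fileserver": 2, "user-workstation": 4}
UNLISTED_RANK = 99

# VERIS attributes reduced to the three core security properties.
VALID_ATTRIBUTES = {"confidentiality", "integrity", "availability"}


@dataclass(frozen=True)
class Incident:
    """One A4 record: who did what to which asset, affecting which property."""
    actor: str
    action: str
    asset: str
    attribute: str

    def __post_init__(self):
        # Reject records the schema cannot place on the kill chain or the CIA triad.
        if self.action not in ACTION_TO_PHASE:
            raise ValueError(f"unmapped action: {self.action!r}")
        if self.attribute not in VALID_ATTRIBUTES:
            raise ValueError(f"unknown attribute: {self.attribute!r}")


def kill_chain_phase(action: str) -> str:
    return ACTION_TO_PHASE[action]


def triage_key(inc: Incident) -> tuple:
    """PDAL rank first; for equal rank the deeper kill-chain phase sorts first,
    because that actor is closer to its objective (a design choice, not VERIS)."""
    depth = KILL_CHAIN_PHASES.index(kill_chain_phase(inc.action))
    return (PDAL.get(inc.asset, UNLISTED_RANK), -depth)


def rank_incidents(incidents):
    return sorted(incidents, key=triage_key)


def _stix_id(obj_type: str) -> str:
    return f"{obj_type}--{uuid.uuid4()}"  # STIX identifier form: type--UUID


def to_stix_bundle(incidents, now=None) -> dict:
    """One threat-actor per actor, one attack-pattern per action (tagged with
    its kill-chain phase) and one 'uses' relationship per distinct pair."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    common = {"spec_version": "2.1", "created": stamp, "modified": stamp}
    actors, patterns, linked, objects = {}, {}, set(), []
    for inc in incidents:
        if inc.actor not in actors:
            actors[inc.actor] = {"type": "threat-actor", "id": _stix_id("threat-actor"),
                                 "name": inc.actor, **common}
            objects.append(actors[inc.actor])
        if inc.action not in patterns:
            patterns[inc.action] = {
                "type": "attack-pattern", "id": _stix_id("attack-pattern"),
                "name": inc.action, **common,
                "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN_NAME,
                                       "phase_name": kill_chain_phase(inc.action)}],
            }
            objects.append(patterns[inc.action])
        if (inc.actor, inc.action) not in linked:
            linked.add((inc.actor, inc.action))
            objects.append({"type": "relationship", "id": _stix_id("relationship"),
                            "relationship_type": "uses", **common,
                            "source_ref": actors[inc.actor]["id"],
                            "target_ref": patterns[inc.action]["id"]})
    return {"type": "bundle", "id": _stix_id("bundle"), "objects": objects}


def bundle_json(incidents) -> str:
    return json.dumps(to_stix_bundle(incidents), indent=2)


# Constructed sample: one group seen at three kill-chain depths, plus an insider.
SAMPLE_INCIDENTS = [
    Incident("APT-EXAMPLE", "phishing-email", "user-workstation", "integrity"),
    Incident("APT-EXAMPLE", "beacon", "domain-controller", "confidentiality"),
    Incident("insider", "data-exfiltration", "finance-fileserver", "confidentiality"),
    Incident("APT-EXAMPLE", "port-scan", "domain-controller", "confidentiality"),
]

if __name__ == "__main__":
    for inc in rank_incidents(SAMPLE_INCIDENTS):
        print(f"{inc.asset:<20} {kill_chain_phase(inc.action):<22} {inc.actor}")
    print(bundle_json(SAMPLE_INCIDENTS))
```

Run as a script it prints the triage order (the domain controller beacon first, the exfiltration from the finance server third even though it is the deepest phase, because the PDAL rank wins) and then the bundle. The tie-break on kill-chain depth is the part to argue about locally: some teams would rather sort by phase first and let the PDAL break ties.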

Sources:

  • STIX Project
  • Lockheed Martin - Intel Driven Defense
  • MITRE ATT&CK Groups
  • FireEye APT Groups
  • Pauli APT Review
  • Peerlyst APT Wiki
  • Malpedia
  • VERIS Community