Security Incident-Identification Schema

Identifying Security Incidents Related to Advanced Persistent Threats (APTs)
Group Categorization
Group Reviews
Recent Incidents
General Source: VERIS Community
Identifying Threats Using Patterns:
  • Actor: [Individual or entity responsible for the threat]
  • Action: [Actions taken or methods used by the threat actor]
  • Asset: [Targeted resources or information]
  • Attribute: [Characteristics or properties related to the incident]
Action Framework
Structured Threat Information eXpression (STIX)
Source: STIX Project
KILL CHAIN MAPPING
Information list for KILL CHAIN MAPPING
Source: Lockheed Martin - Intel Driven Defense
Prioritized Defended Asset List (PDAL)
List and prioritize assets to defend
Source: