Skip to main content
scoutTHREAT - Creating an Attack Pattern Object
B
Written by Benjamin Dewey
Updated over 2 years ago

Follow these steps:

1. To add a new Attack Pattern object, navigate to Intelligence, then click on Attack Pattern.

2. If any exist, a list of Attack Pattern objects will load with the item Name, Type, date Created and Modified.

3. Click on Create New on the top right side of the page.

4. Enter a name for your Attack Pattern and Description for your object profile.

5. On the right side of the page, click on the empty field under Aliases to add alternative names used to identify this Attack Pattern. Type the name of the alias then click on Create.

6. Kill Chain Phases describe the various stages of a cyber attack. You have the option to select a phase for the Attack Pattern you are creating. Double click on Type to search and choose from the drop-down menu the corresponding kill chain phase.

7. When you are finished, you can click the + icon in the center of the page to save your information.

8. Next, you can choose to add a Note to provide further context or analysis about the object, as well as an Opinion to assess the accuracy of the intelligence data.

For steps on adding Notes and Opinions, see Adding Notes to Objects and Adding Opinions to Objects.

9. To save the Attack Pattern object, click the + icon in the center of the page.

10. After saving, you will have the option to add Relationships and External References to the object.

11. To add a new Relationship, click on Add.

12. A new window will display for adding a new relationship, you will see the following:

  • Source will display the current object which is the name of the Attack Pattern object.

  • You can select from the Relationship type drop-down menu the type of relationship the Attack Pattern object has to the Target.

  • Depending on the Relationship type you select, a Target can be an Identity Object or another Intelligence Object. To add a target, type its name in the Target field.


    NOTE: A Target must already be in the system for it to appear in the field.

  • Depending on the Attack Pattern object, you can the swap the Source and Target names by clicking on Swap & Target.

Under Description you can add details about the Relationship shared with the Attack Pattern object you are creating. Click Add when you are done.

13. Newly added relationships will be listed under Relationships.

14. You can also add already existing External References to an Attack Pattern Object.

  • Click on +Add.

  • A new window will display with a drop-down list of External References you can select from. Choose the name of the External Reference you want then click Add.

    NOTE: You can add one or more External References to an object.

15. Newly added references will be listed under External References.

16. Several icons will appear at the top of the page:

#1. This icon is for deactivating the object profile.

#2. This icon is for sharing the object on TICE.

#3. This icon is for editing the object profile information.


Related Content



Did this answer your question?