scoutTHREAT - Intrusion Set Objects Overview
Written by Benjamin Dewey

An Intrusion Set Object is an Intelligence Object used to represent a group of adversary behaviors attributable to a single organization or individual. It may encompass multiple campaigns or activities that can be tied to a known or unknown threat actor. An Intrusion Set is differentiated from a Campaign in that it may take place against multiple victims across significant timespans—whereas Campaigns are associated with a distinct target and/or a limited timeframe.

The following properties can be added to an Intrusion Set Object:

  • Name: The name to be used for this Object (mandatory)

  • Description: An optional narrative description of the Intrusion Set

  • Aliases: Alternate names of this Intrusion Set

  • First Seen: Date the Intrusion Set was first observed

  • Last Seen: Date the Intrusion Set was most recently observed

  • Goals: The high-level intention of the actors using this Intrusion Set

  • Resource Level: Capabilities and resources associated with the Intrusion Set. Begin typing in the box to see a list of existing values.

  • Primary Motivation: Main motivation associated with this Intrusion Set. Begin typing in the box to see a list of existing values.

  • Secondary Motivations: Secondary motivations associated with this Intrusion Set. Begin typing in the box to see a list of existing values.

  • Revoked: Flag that will permanently make this Object inactive. Note that this cannot be undone.

  • Labels: Field allowing for the addition of labels to the Intrusion Set Object

  • Confidence: Analytic assessment of the confidence in the data contained within this Intrusion Set Object.

For more information on Intrusion Set Objects, see the STIX 2.1 guide. For help creating Intrusion Set Objects, see scoutTHREAT – Creating an Intrusion Set Object.
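
The properties listed above, laid out as a STIX 2.1 `intrusion-set` object and checked before import. This is an added example, not scoutTHREAT's own code: the mapping of the form fields to STIX property names is an assumption, and every sample value is constructed.

```python
import uuid
from datetime import datetime, timezone

# STIX 2.1 open vocabularies: other values are legal, so they only warn.
RESOURCE_LEVELS = {"individual", "club", "contest", "team", "organization", "government"}
MOTIVATIONS = {"accidental", "coercion", "dominance", "ideology", "notoriety",
               "organizational-gain", "personal-gain", "personal-satisfaction",
               "revenge", "unpredictable"}

def _ts(value):
    """Parse a whole-second STIX timestamp such as 2023-01-15T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_intrusion_set(obj):
    """Return (errors, warnings) for an intrusion-set dict."""
    errors, warnings = [], []
    if obj.get("type") != "intrusion-set":
        errors.append("type must be 'intrusion-set'")
    if not obj.get("name"):
        errors.append("name is mandatory")
    if "first_seen" in obj and "last_seen" in obj:
        if _ts(obj["last_seen"]) < _ts(obj["first_seen"]):
            errors.append("last_seen is earlier than first_seen")
    conf = obj.get("confidence")
    if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
        errors.append("confidence must be an integer from 0 to 100")
    if "resource_level" in obj and obj["resource_level"] not in RESOURCE_LEVELS:
        warnings.append("resource_level not in attack-resource-level-ov")
    motives = [obj.get("primary_motivation")] + obj.get("secondary_motivations", [])
    for m in filter(None, motives):
        if m not in MOTIVATIONS:
            warnings.append(f"motivation '{m}' not in attack-motivation-ov")
    return errors, warnings

def make_sample():
    """Constructed sample object; every value here is invented for illustration."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "type": "intrusion-set", "spec_version": "2.1",
        "id": f"intrusion-set--{uuid.uuid4()}", "created": now, "modified": now,
        "name": "Example Set A", "aliases": ["EXAMPLE-A"],
        "first_seen": "2022-03-01T00:00:00Z", "last_seen": "2023-09-30T00:00:00Z",
        "goals": ["acquire-credentials"], "resource_level": "organization",
        "primary_motivation": "organizational-gain",
        "secondary_motivations": ["dominance"],
        "labels": ["constructed-example"], "confidence": 70, "revoked": False,
    }

if __name__ == "__main__":
    print(check_intrusion_set(make_sample()))
```

Because Resource Level and the motivation fields are open vocabularies in STIX 2.1, unknown values are reported as warnings rather than rejected.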
