TISC Library Repository

Release version: Washingtondc
Updated February 1, 2024

The IoC repository contains STIX objects, each of which contains a specific piece of information.

Observables
Observables represent stateful properties (such as the MD5 hash of a file or the value of a registry key) or measurable events (such as the creation of a registry key or the deletion of a file) that are pertinent to the operation of computers and networks.

Indicators
Indicators are artifacts observed on a network or operating system that are likely to indicate an intrusion. Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs, or domain names.

Attack Patterns
Attack patterns are a type of Tactics, Techniques, and Procedures (TTPs) that describe the methods adversaries use in attempting to compromise targets.

Campaign
A Campaign is defined as a grouping of adversarial behaviors that describes a set of malicious activities or attacks, sometimes called waves, that occur over a period of time against a specific set of targets.

Courses of Action
A course of action is an action taken either to prevent an attack or to respond to an attack that is in progress.

Identity
Identities represent actual individuals, organizations or groups, and classes of individuals, systems, or groups. Identities apply to STIX 2.x.

Infrastructure
The Infrastructure SDO represents a type of Tactics, Techniques, and Procedures (TTPs). It describes any systems, software services, and any associated physical or virtual resources intended to support some purpose of an attack. Infrastructure applies to STIX 2.x.

Intrusion Set
An Intrusion Set is a grouped set of adversarial behaviors and resources with common properties. An Intrusion Set usually involves a single organization. Intrusion sets apply to STIX 2.x.

Location
A Location represents a geographic location. Locations are primarily used to give context to other SDOs. Locations apply to STIX 2.x.

Malware
Malware is a type of TTP that represents malicious code. It refers to a program that is covertly inserted into a system. Malware applies to STIX 2.x.

Malware Analysis
Malware Analysis captures the metadata and results of a malware. Malware analysis applies to STIX 2.x.

Object Sighting
Sightings denote that an object was seen. The object may be malware, a tool, a threat actor, and so on.

Observed Data
Observed Data conveys information about cyber security-related entities such as files, systems, and networks using the STIX Cyber-observable Objects (SCOs). Observed data applies to STIX 2.x.

Threat Actor
Threat Actors are individuals, groups, or organizations who act with malicious intent. Threat actors apply to STIX 2.x.

Threat Event
An event or situation that has the potential for causing undesirable consequences or impact.

Threat Grouping
A Threat Grouping object explicitly asserts that the referenced STIX Objects have a shared context. Threat groupings apply to STIX 2.x.

Threat Note
A Threat Note conveys informative text to provide additional analysis not contained in the STIX Objects, Marking Definition objects, or Language Content objects which the Note relates to. Threat notes apply to STIX 2.x.

Threat Opinion
An Opinion is an assessment of the accuracy of the information in a STIX Object produced by a different entity. Threat opinions apply to STIX 2.x.

Threat Report
Threat Reports are collections of threat intelligence focused on one or more topics. Threat reports apply to STIX 2.x.

Tool
Tools are legitimate software used by threat actors to perform attacks. Tools apply to STIX 2.x.

Vulnerability
A Vulnerability is a weakness or defect in a software or hardware component that attackers exploit. Vulnerabilities apply to STIX 2.x.

Marking Definition
The marking-definition object represents a specific marking. Data markings typically represent handling or sharing requirements for data.

Data Component
Data components are used to identify specific properties or values of a data source.

Data Sources
Data sources represent the various subjects/topics of information that can be collected by sensors/logs. Data sources also include data components, which identify specific properties/values of a data source.

Define RSS Feeds
A threat intelligence feed is a real-time, continuous data stream that gathers information related to cyber risks or threats. RSS feeds provide an easy way to stay up to date with your favorite websites, such as blogs or the latest cyber security news.

Relationships Objects
Use relationship objects to link two observables, or an observable and an SDO, and explain how they relate to each other.

Potential Relationships
The application uses automated correlation to establish potential relationships between two SDOs, two observables, or an observable and an SDO.

Related concepts
Understanding the Data Model
TISC Library Objects form view
Automated Correlation

Related tasks
Export intelligence data
Confirm Potential Relationships from Related Records