Use Case: Analyzing Cyber Threats - STIXProject/use-cases GitHub Wiki


Analyzing Cyber Threats

Abstraction Level (High, Medium or Low): High

Related Use Cases:

Description: A cyber threat analyst reviews structured and unstructured information about cyber threat activity from a variety of manual or automated input sources. The analyst seeks to understand the nature of relevant threats, identify them, and characterize them so that all relevant knowledge of the threat can be expressed and evolved over time. This knowledge includes threat-related actions, behaviors, capabilities, intents, attributed actors, etc. From this understanding and characterization the analyst may then specify relevant threat indicator patterns, suggest courses of action for threat response, and/or share the information with other trusted parties. For example, in the case of a suspected phishing attack, a cyber threat analyst may analyze and evaluate the suspected phishing email; analyze any email attachments and links to determine whether they are malicious; determine whether the email was sent to others; assess the commonality of who or what is being targeted; determine whether malicious attachments were opened or links followed; and keep a record of all analysis performed.
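
The phishing walk-through in the description, carried out in code as an added example (this is not code from the STIX wiki or the STIX project): triage a suspect message, express the extracted artifacts as an indicator pattern, find other recipients of the same lure in a mail-gateway log, assess who was targeted, record who opened or clicked, and keep a written record. The STIX 2.1 pattern syntax, the sample message, the gateway log, and the org directory are all assumptions constructed for the example; the page names no STIX version and no data sources.

```python
"""Worked example added for this use case (not code from the STIX wiki or
the STIX project): the phishing-triage steps in the description, run over
a constructed suspect email and a constructed mail-gateway log so that it
runs offline with the standard library only.

Assumptions not stated on the page: the indicator is written as a
STIX 2.1 pattern (the wiki names no STIX version); the message, the
gateway log, and the directory below are invented for illustration.
"""
import hashlib
import re
from collections import Counter
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed attachment and link used to build the sample message.
SAMPLE_ATTACHMENT = b"%PDF-1.4 fake payslip body for the example\n"
SAMPLE_LINK = "http://login-corp-example.invalid/verify?id=4417"

DIRECTORY = {  # constructed org directory used for the commonality check
    "alice@corp.example": "finance", "bob@corp.example": "finance",
    "carol@corp.example": "finance", "dave@corp.example": "engineering",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_email() -> bytes:
    """Constructed suspected phishing email: one attachment, one link."""
    msg = EmailMessage()
    msg["From"] = "payroll@example-hr.invalid"
    msg["To"] = "alice@corp.example"
    msg["Subject"] = "Updated payslip - action required"
    msg.set_content(f"Your payslip is attached. Confirm your details at {SAMPLE_LINK}\n")
    msg.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                       subtype="pdf", filename="payslip.pdf")
    return msg.as_bytes()


def build_sample_gateway_log(attachment_sha256: str) -> list:
    """Constructed gateway records: who received the lure and what they did."""
    return [
        {"rcpt": "alice@corp.example", "attach_sha256": attachment_sha256,
         "link": SAMPLE_LINK, "attachment_opened": True, "link_clicked": False},
        {"rcpt": "bob@corp.example", "attach_sha256": attachment_sha256,
         "link": SAMPLE_LINK, "attachment_opened": False, "link_clicked": True},
        {"rcpt": "carol@corp.example", "attach_sha256": attachment_sha256,
         "link": None, "attachment_opened": False, "link_clicked": False},
        {"rcpt": "dave@corp.example", "attach_sha256": "0" * 64,  # unrelated mail
         "link": None, "attachment_opened": True, "link_clicked": False},
    ]


def triage_email(raw: bytes) -> dict:
    """Step 1: pull out the artifacts an analyst pivots on (sender, hashes, URLs)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    attachments = [{"filename": part.get_filename(),
                    "sha256": sha256_hex(part.get_payload(decode=True))}
                   for part in msg.iter_attachments()]
    return {"sender": str(msg["From"]), "subject": str(msg["Subject"]),
            "attachments": attachments, "urls": sorted(set(URL_RE.findall(text)))}


def _q(value: str) -> str:
    """Escape a value for use inside a single-quoted STIX pattern literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def stix_pattern(triage: dict) -> str:
    """Step 2: express the artifacts as a STIX 2.1 indicator pattern (assumed format)."""
    clauses = [f"[file:hashes.'SHA-256' = '{_q(a['sha256'])}']" for a in triage["attachments"]]
    clauses += [f"[url:value = '{_q(u)}']" for u in triage["urls"]]
    return " OR ".join(clauses)


def find_related_deliveries(log: list, triage: dict) -> list:
    """Step 3: other deliveries carrying the same attachment or the same link."""
    hashes = {a["sha256"] for a in triage["attachments"]}
    urls = set(triage["urls"])
    return [e for e in log if e["attach_sha256"] in hashes or e["link"] in urls]


def assess(log: list, triage: dict, directory: dict) -> dict:
    """Steps 4-6: target commonality, exposure (opened/clicked), analysis record."""
    related = find_related_deliveries(log, triage)
    recipients = [e["rcpt"] for e in related]
    by_dept = dict(Counter(directory.get(r, "unknown") for r in recipients))
    opened = [e["rcpt"] for e in related if e["attachment_opened"]]
    clicked = [e["rcpt"] for e in related if e["link_clicked"]]
    record = [  # the written record of what was analyzed and found
        f"triaged message from {triage['sender']!r}: "
        f"{len(triage['attachments'])} attachment(s), {len(triage['urls'])} link(s)",
        f"indicator pattern: {stix_pattern(triage)}",
        f"lure delivered to {len(recipients)} recipient(s): {', '.join(recipients)}",
        f"targeting by department: {by_dept}",
        f"attachment opened by: {opened or 'nobody'}; link followed by: {clicked or 'nobody'}",
    ]
    return {"recipients": recipients, "by_department": by_dept,
            "opened": opened, "clicked": clicked, "record": record}


if __name__ == "__main__":
    t = triage_email(build_sample_email())
    log = build_sample_gateway_log(t["attachments"][0]["sha256"])
    print("\n".join(assess(log, t, DIRECTORY)["record"]))
```

Running the block prints the analysis record for the constructed case: one pattern covering both the attachment hash and the link, three recipients all in finance (the unrelated fourth delivery is excluded because neither its hash nor its link matches), one user who opened the attachment and one who followed the link. The hash-or-URL match in find_related_deliveries is deliberate: a recipient who received only the link, with no attachment, is still part of the campaign.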

Stakeholders/Goals:

  • Stakeholder: Stakeholder description (replace with your content)
  • Goal: Goal description (replace with your content)

Preconditions:

  1. Precondition description (replace with your content)

Dependencies:

  1. Dependency description (replace with your content)

Main Success Scenario:

  1. Scenario description (replace with your content)