Manage Malware

  • Release version: Xanadu
  • Updated August 1, 2024
  • Manage the malware information that you imported from the MITRE TAXII collections. Malware is a type of TTP that represents malicious code.

    Before you begin

    Malware refers to a program that is covertly inserted into a system. The intent of malware is to compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS).

    Role required: sn_sec_tisc.analyst

    Procedure

    1. To view the MITRE ATT&CK Repository data, navigate to Workspaces > Threat Intelligence Security Center > Threat Intel Library > MITRE ATT&CK > Groups.
      You can view the listed malware.
    2. Click a malware to view all the associated information.
    3. Click New to manually create the MITRE ATT&CK malware.
    4. Fill in the fields appropriately.
      Table 1. Create New MITRE Malware - Details
      | Field | Description |
      |---|---|
      | ID | Unique ID for a course of action to prevent an attack. |
      | Revoked | Indicates that the revoked objects are no longer considered valid by the object creator. |
      | Name | Enter a descriptive name to identify the object. |
      | Source | Specifies the threat source from which this object record is created. |
      | Aliases | A list of other names to identify this object. |
      | Created Time In Source | Specifies the time the object is created in the source. |
      | Modified Time In Source | Specifies the time the object is modified in the source. |
      | Description | A description that provides more details and context about the object, potentially including its purpose and its key characteristics. |
      | Contributors | Specifies the contributors. |
      | Insights | |
      | Notes | Any additional information related to the mitigation. |
      | Additional Information | |
      | Additional Context | Add any additional context for this object. |
      | Comments | Add any comments for this object. |
    5. Click Save.
    6. To view how these objects are related, click Relationships.