Report Templates
Report templates are reusable and can be shared within a group of users to generate reports quickly and consistently.
Use this feature to create different types of report templates that can be applied to one or more cases. A report built from a template provides the status of an ongoing investigation into any threat relevant to your organization.
This section explains how to implement CTI reporting at the case level and covers both the admin (template design) and analyst (runtime) experiences.
You can add custom case task form fields or related lists that are dot-walkable to the report template. In addition, you can format and configure the report based on your requirements using various report elements.
Role required: sn_sec_tisc.admin
| Name | Description |
|---|---|
| Case Status Report - Threat Actor Profile | The report is designed to provide the status of an ongoing case investigation related to a threat actor. The investigation seeks to understand the context and relevance of the threat to the organization, adversary behaviour and potential goals, IOC enrichment, associated malware and tools, observed TTPs, and differences from existing TTPs (net new capabilities, slight modifications, and so on). |
| Executive Summary | The report is designed to inform senior decision makers about a particular risk. It focuses on executive audiences and supports strategic problems by explaining why and how, rather than what and when. Technical details and appendices in support of long-form, narrative writing are not included in this report. |
| Post Investigation Summary - Threat Actor Profile | The report is designed to provide the context and relevance of the threat to the organization, adversary behaviour and potential goals, IOC enrichment, associated malware and tools, observed TTPs, and differences from existing TTPs (net new capabilities, slight modifications, and so on). |