Define infrastructure

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Define an Infrastructure that is any systems, software services, and any associated physical or virtual resources intended to support some purpose of an attack.

    Before you begin

    Role required: sn_ti.admin

    Procedure

    1. Navigate to All > Threat Intelligence > IoC Repository > Infrastructure.
    2. Click New.
    3. Complete the fields in the form as appropriate.
      FieldDescription
      Name Enter a descriptive name to identify the infrastructure.
      First Seen The time that this infrastructure was first seen performing malicious activities.
      Last Seen The time that this infrastructure was last seen performing malicious activities.
      Source Specifies the threat source from which this record is created.
      Description A description that provides more details and context about the Infrastructure, potentially including its purpose, how it is being used, how it relates to other intelligence activities captured in related objects, and its key characteristics.
      Aliases Alternative names to identify this infrastructure.
      Source ID Unique identifier for this object in the threat source.
      Created Time in Source Specifies the time the object is created in the source.
      Modified Time in Source Specifies the time the object is modified in the source.
    4. Click Submit.

    What to do next

    You can now click any of the following related lists to view additional information. You can also associate other objects with the infrastructure.
    Related Links and Related Lists Description
    Show Relationships Opens the STIX Visualizer where you can view the relationship of the STIX object.

    Show Relationships appears only when the object has an associated object.
    External References Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers.
    Associated Types Lists indicator types associated with this object.
    Associated Kill Chain Phases Lists kill chain phases associated with this object.
    Associated Observables Lists observables associated with this object.
    Associated Infrastructure Lists systems, software services, and any associated physical or virtual resources that are associated with this object.
    Campaigns Lists campaigns associated with this object.
    Indicators Lists related Indicators of Compromise (IoC) that have been identified by the threat source associated with this object.
    Intrusion Set Lists a set of adversarial behaviors and resources with common properties associated with this object.
    Locations Lists locations that provide geographic context to this object.
    Malware Lists malicious code associated with this object.
    Observed Data Lists observed data associated with this object.
    Threat Actors Lists individuals, groups, or organizations who act with malicious intent associated with this object.
    Tools Lists legitimate software that is used by threat actors to perform attacks associated with this object.
    Vulnerabilities Lists a weakness or defect in a software or hardware that attackers exploit which is associated with this object.