Define a course of action
Define a course of action to prevent an attack or to respond to an attack that is in progress.
Before you begin
Role required: sn_ti.admin
Procedure
- Navigate to .
- Click New.
-
Complete the fields in the form as appropriate.
Field Description Name Enter a descriptive name for this course of action. Action To capture structured or automated courses of action. Source Specifies the threat source from which this record is created. Description A description that provides more details and context about the course of action, potentially including its purpose and its key characteristics. Source ID Unique identifier for this object in the threat source. Created Time in Source Specifies the time the object is created in the source. Modified Time in Source Specifies the time the object is modified in the source. - Click Submit.
What to do next
| Related Links | Description |
|---|---|
| Show Relationships | Opens the STIX Visualizer where you can view the relationship of the STIX
object. Show Relationships appears only when the object has an associated object. |
| External References | Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers. |
| Attack Patterns | Lists the attack patterns that help categorize attacks that are associated with this object. |
| Indicators | Lists related Indicators of Compromise (IoC) that have been identified by the threat source associated with this object. |
| Malware | Lists malicious code associated with this object. |
| Tools | Lists legitimate software that is used by threat actors to perform attacks associated with this object. |
| Vulnerabilities | Lists a weakness or defect in a software or hardware that attackers exploit which is associated with this object. |