Threat Entities

  • Release version: Zurich
  • Updated March 5, 2026

The Threat Entities module provides structured records used to manage threat intelligence objects in the TISC. These records align with STIX domain object concepts and help standardize how threat activity is documented and analyzed.

Use this module to create and manage entities such as:

    • Attack Patterns to document adversary tactics and techniques.
    • Campaigns to track coordinated threat activity over time.
    • Courses of Action to define recommended remediation steps.
    • Identities to represent individuals, groups, or organizations.
    • Infrastructure to record systems and services used in operations.
    • Intrusion Sets to group related threat activity.
    • Malware and Malware Analysis records for malicious tools and findings.
    • Threat Actors to represent adversaries.
    • Threat Events, Threat Reports, Threat Notes, and Threat Opinion to capture contextual intelligence.
    • Marking Definitions to apply data handling classifications.