Custom Kill Chain
The Cyber Kill Chain is a cybersecurity model created by Lockheed Martin that traces the stages of an attack, identifies vulnerabilities, and helps security teams to stop the attacks at every stage of the chain.
MITRE ATT&CK also defines the stages of an attack and helps teams to come up with mitigation tactics and techniques.
Apart from using these standard Kill Chains, you can create your own kill chain with its own custom phases suitable for your organization and industry. Create, maintain, and map the custom kill chains when adding intel in CTIX using the Submit Detailed Intel.
Create a Custom Kill Chain
Create a custom kill chain with custom kill chain phases to trace and track attacks in your organization or your industry. For example, see Cyber Kill Chain. You can create a customized version of the Cyber Kill Chain using a custom kill chain in Intel Exchange.
Before you Start
Ensure that you have View Custom Entities, Create Custom Entities, and Update Custom Entities permissions.
Steps
To create a custom kill chain, follow these steps:
Go to Administration > Custom Entities Management > Custom Kill Chain.
Click Add Custom Kill Chain.
Enter a name within 100 characters for the kill chain and the kill chain phases.
Click Add Phases to add more phases to your kill chain.
Click Save.
Manage Custom Kill Chain
After you add a kill chain, you can perform the following activities:
Search: Click on Search or filter results to search custom kill chain based on created by, created range, modified by, and modified range.
Edit: Click on the vertical ellipsis of a kill chain and select Edit to edit the details of a kill chain.
Delete: Click on the vertical ellipsis of a kill chain and select Delete to delete the kill chain.