Skip to main content

Cyware Threat Intelligence eXchange

Fill Course of Action Details

A Course of Action is a recommendation provided by an intelligence producer to guide the consumer on potential actions in response to a threat or intelligence. The CoA may be preventative, aiming to block exploitation, or corrective, designed to mitigate the threat’s impact. It can include automated actions, such as applying patches or configuring firewalls, manual processes, or a combination of both. For example, a CoA might outline how to remediate a vulnerability by applying the necessary patch.

The course of action component contains the following:

  • Basic Details

  • Common Fields

  • Custom Attributes

  • External References

Basic Details

Field Name

Required

Description

Name

Mandatory

Specify the name of the course of action.

Description 

Optional

Specify the additional information about the course of action, such as the purpose and its key characteristics.

Common Fields

Field Name

Description

Tags

Specify the tags for the course of action.

TLP

Specify the TLP of the course of action, such as RED, AMBER, GREEN, WHITE, and NONE.

Confidence

Specify the confidence score for the course of action.

Custom Scores

This field allows for the assignment of scores to threat data objects based on factors that influence the lifecycle of indicators of compromise (IOCs), such as relevance, severity, and risk. Custom scores aid analysts in prioritizing their analysis, guiding actions, and facilitating the sharing of threat intelligence.

Created by Reference

Specify the entity that created the CTIX object.

Revoked

Select this option to mark the component as revoked or invalid.

Custom Attributes

Field Name

Description

Add Custom Attribute

Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report.

External References

Field Name

Description

Source Name

Enter a source name.

Description

Enter a description.

External ID

Enter an external ID.

URL

Enter the URL of the external reference.

Hash Type

Select the hash type.

Hash Value

Enter the hash value.