Fill Course of Action Details
A Course of Action is a recommendation provided by an intelligence producer to guide the consumer on potential actions in response to a threat or intelligence. The CoA may be preventative, aiming to block exploitation, or corrective, designed to mitigate the threat’s impact. It can include automated actions, such as applying patches or configuring firewalls, manual processes, or a combination of both. For example, a CoA might outline how to remediate a vulnerability by applying the necessary patch.
The course of action component contains the following:
Basic Details
Common Fields
Custom Attributes
External References
Basic Details
Field Name | Required | Description |
|---|---|---|
Name | Mandatory | Specify the name of the course of action. |
Description | Optional | Specify the additional information about the course of action, such as the purpose and its key characteristics. |
Common Fields
Field Name | Description |
|---|---|
Tags | Specify the tags for the course of action. |
TLP | Specify the TLP of the course of action, such as RED, AMBER, GREEN, WHITE, and NONE. |
Confidence | Specify the confidence score for the course of action. |
Custom Scores | This field allows for the assignment of scores to threat data objects based on factors that influence the lifecycle of indicators of compromise (IOCs), such as relevance, severity, and risk. Custom scores aid analysts in prioritizing their analysis, guiding actions, and facilitating the sharing of threat intelligence. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
|---|---|
Add Custom Attribute | Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. |
External References
Field Name | Description |
|---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |