Threat Actors
A threat actor is typically an individual or a group of individuals with malicious intent to cause harm to organizational security and data. The intent could be anything from causing physical harm to stealing sensitive information. Using Respond, you can add multiple threat actors to the database and connect them with campaigns, incidents, vulnerabilities, actions, PIRs, threat briefings, and malware and deduce predictive intelligence about the TTPs (Tactics, Techniques, and Procedure) employed by the threat actors which will help you prevent similar attacks in future.
To view the threat actors, go to Menu > Threat Actors. In the threat actors listing page, to manage the threat actors, you can perform the following activities:
Search and filter threat actors.
Reorder the threat actors based on the ascending or descending order of the threat actor titles.
View the threat actors in the following view types:
List
Type
Sort the threat actors based on the following criteria:
Relevance
Last Updates
View activity logs of the threat actors.
Export the threat actors.
Refresh the threat actors list to view the latest data. To refresh the threat actors list, on the top-right corner, click More > Refresh.
View the threat actors list in full-screen mode. To view the threat actors list in full-screen mode, in the top-right corner, click More > Full Screen.
View details of a threat actor. To view details of a threat actor retrieved from Intel Exchange, hover over the threat actor and click View Details. For more information, see Connect the Dots.
Notice
This feature is available in Respond v3.4.2 onwards.
For more information on managing the threat actors listing page, see Manage Module Listings.