About System Objects
Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions
System objects are threat data ingested or manually added to your Threat Library. ThreatQ is seeded with the following system object types:
System Object | Description | Related Topics |
---|---|---|
Adversaries | Individuals or groups that attempt to perform malicious actions against other individuals or organizations. | Adversaries |
Assets | Tangible or intangible items of value to stakeholders. | Assets |
Attack Patterns | Descriptions of methods used to exploit software. | Attack Patterns |
Campaigns | Groups of behaviors that describe malicious activities taken against specific targets over a period of time. | Campaigns |
Courses of Action | A combination of risk response measures taken to address or prevent malicious attacks. | Courses of Action |
Events | Objects that focus on temporal incidents that have significant security impact. | About Events |
Exploit Targets | Identified vulnerabilities in a system, software, or network that can be targeted by tactics, techniques, and procedures (TTP). | Exploit Targets |
Files | Files received from various intelligence providers that may contain technical cybersecurity data such as Indicators, Adversaries, and Malware samples. | Files |
Identities | Contain basic identifying information for targeted groups such as information sources, threat actor identities, and targets of attack. | Identities |
Incidents | Records of any violation of an organization's established security/network policy that may compromise security, integrity, or general access. | Incidents |
Indicators | Information that describes or identifies methods used to defeat security controls, exploit vulnerabilities, and gain unauthorized access to an internal network. Indicators can also describe malicious reconnaissance to gather technical information, malicious cyber command and control, and any other attribute of cyber security whose disclosure is prohibited by law. | About Indicators |
Infrastructure | Information that describes any systems, software services and associated physical or virtual resources intended to support a specific purpose. | Infrastructure |
Intrusion Sets | Grouped sets of adversarial behaviors and resources, sometimes referred to as attack packages, used to target an individual organization. | Intrusion Sets |
Malware | Targets devices, services, and networks with the intent to gain unauthorized access or damage a network or programmable device. | Malware |
Notes | STIX 2.1 objects that provide further context and/or additional analysis. | Notes |
Reports | Contain information and related details for a specific threat such as Malware. | Reports |
Signatures | Contain the blueprints or patterns associated with a malicious attack on a network or system. | Signatures |
STIX | Refers to data in the STIX (Structured Threat Information eXpression) format. STIX is a standardized XML programming language for conveying data about cybersecurity threats. | About STIX |
Tasks | Allow you to create and assign tasks to yourself or other users in the platform. | Tasks |
Tools | Legitimate applications that can be leveraged to perform malicious activities. | Tools |
TTP | Describes how an intruder may attempt to access your system. | TTP |
Vulnerabilities | Applications that can be exploited to infiltrate systems/networks. | Vulnerabilities |