valitydev/atomic-threat-coverage
14
0
Fork 0
mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-06 01:25:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update RE&CT analytics

Browse Source
This commit is contained in:
Yugoslavskiy Daniil 2020-12-16 07:31:54 +03:00
parent 25e7ec36ac
commit b287354cdd
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Atomic_Threat_Coverage/Response_Playbooks/RP_0001_phishing_email.md
View File

@ -3,12 +3,12 @@
| **ID** | RP0001 |
| **Description** | Response playbook for Phishing Email case |
| **Author** | @atc_project |
| **Creation Date** | 31.01.2019 |
| **Creation Date** | 2019/01/31 |
| **Severity** | M |
| **TLP** | AMBER |
| **PAP** | WHITE |
| **ATT&amp;CK Tactic** |<ul><li>[TA0001: Initial Access](https://attack.mitre.org/tactics/TA0001)</li></ul>|
| **ATT&amp;CK Technique** |<ul><li>[T1193: Spearphishing Attachment](https://attack.mitre.org/tactics/T1193)</li><li>[T1192: Spearphishing Link](https://attack.mitre.org/tactics/T1192)</li></ul>|
| **ATT&amp;CK Technique** |<ul><li>[T1566.001: Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001)</li><li>[T1566.002: Spearphishing Link](https://attack.mitre.org/techniques/T1566/002)</li></ul>|
| **Tags** | <ul><li>phishing</li></ul> |
| **Preparation** |<ul><li>[RA1001: Practice](../Response_Actions/RA_1001_practice.md)</li><li>[RA1002: Take trainings](../Response_Actions/RA_1002_take_trainings.md)</li><li>[RA1004: Make personnel report suspicious activity](../Response_Actions/RA_1004_make_personnel_report_suspicious_activity.md)</li><li>[RA1003: Raise personnel awareness](../Response_Actions/RA_1003_raise_personnel_awareness.md)</li><li>[RA1101: Access external network flow logs](../Response_Actions/RA_1101_access_external_network_flow_logs.md)</li><li>[RA1104: Access external HTTP logs](../Response_Actions/RA_1104_access_external_http_logs.md)</li><li>[RA1106: Access external DNS logs](../Response_Actions/RA_1106_access_external_dns_logs.md)</li><li>[RA1111: Get ability to block external IP address](../Response_Actions/RA_1111_get_ability_to_block_external_ip_address.md)</li><li>[RA1113: Get ability to block external domain](../Response_Actions/RA_1113_get_ability_to_block_external_domain.md)</li><li>[RA1115: Get ability to block external URL](../Response_Actions/RA_1115_get_ability_to_block_external_url.md)</li><li>[RA1201: Get ability to list users opened email message](../Response_Actions/RA_1201_get_ability_to_list_users_opened_email_message.md)</li><li>[RA1202: Get ability to list email message receivers](../Response_Actions/RA_1202_get_ability_to_list_email_message_receivers.md)</li><li>[RA1203: Get ability to block email domain](../Response_Actions/RA_1203_get_ability_to_block_email_domain.md)</li><li>[RA1204: Get ability to block email sender](../Response_Actions/RA_1204_get_ability_to_block_email_sender.md)</li><li>[RA1205: Get ability to delete email message](../Response_Actions/RA_1205_get_ability_to_delete_email_message.md)</li><li>[RA1206: Get ability to quarantine email message](../Response_Actions/RA_1206_get_ability_to_quarantine_email_message.md)</li></ul>|
| **Identification** |<ul><li>[RA2003: Put compromised accounts on monitoring](../Response_Actions/RA_2003_put_compromised_accounts_on_monitoring.md)</li><li>[RA2113: List hosts communicated with external domain](../Response_Actions/RA_2113_list_hosts_communicated_with_external_domain.md)</li><li>[RA2114: List hosts communicated with external IP](../Response_Actions/RA_2114_list_hosts_communicated_with_external_ip.md)</li><li>[RA2115: List hosts communicated with external URL](../Response_Actions/RA_2115_list_hosts_communicated_with_external_url.md)</li><li>[RA2201: List users opened email message](../Response_Actions/RA_2201_list_users_opened_email_message.md)</li><li>[RA2202: Collect email message](../Response_Actions/RA_2202_collect_email_message.md)</li><li>[RA2203: List email message receivers](../Response_Actions/RA_2203_list_email_message_receivers.md)</li><li>[RA2204: Make sure email message is phishing](../Response_Actions/RA_2204_make_sure_email_message_is_phishing.md)</li><li>[RA2205: Extract observables from email message](../Response_Actions/RA_2205_extract_observables_from_email_message.md)</li></ul>|

2
response/atc_react

@ -1 +1 @@
Subproject commit b7bd8ec2b3cf3bf38c140aec46cb08a047e77311
Subproject commit 94c340520c1cad67c6e8cc1bff57b76be9eb6c87