Cyber Threat Modelling by leveraging an open source attack graph and activity thread graph tool
Many SOC organizations lack the expertise to analyze complex cyber event chains, leaving them vulnerable to threats. The CTI-STIX-Diamond-Activity-Attack-Graph tool helps prepare for risks by providing detailed insights into attackers' tactics, enabling effective defense measures across prevention and detection controls.
- 1. Introduction
- 2. Methodology
- 2.1 Modelling of the threat-centric part
- 2.2 Modelling of the asset- and system-centric part (operational environment)
- 2.3 Leveraging CTMs for security operations
- 3. Tool description
- 4. How to access the tool
- 5. Graph types
- 6. Tool usage
Authors: Rukhsar Khan
Abstract:
Many SOC organizations today take ineffective approaches to incident preparation and security operations (detection, intrusion analysis and response). They also lack the knowledge and expertise to comprehend and analyze a large cyber event chain consisting of multiple related events. As a result, organizations fall short of defending against the risk cyber attackers pose to them.
Leverage our tool (cti-stix-diamond-activity-attack-graph) to properly prepare for the current and future risks cyber attackers pose to a client's organization. Once the threats are understood in detail through attack graphs and attack trees, apply the right defensive measures to the client's prevention and detection security controls. Various stakeholders consume these insights to understand, in a few glances, the attacker's complete modus operandi and how they would target a client's assets.
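The event chains the abstract refers to are, in CTI terms, attack-pattern objects linked by STIX relationships. As an added illustration (not code from the cti-stix-diamond-activity-attack-graph project), the following builds an attack graph from a constructed STIX 2.1 bundle and enumerates every root-to-leaf path as one activity thread; the `followed-by` relationship type is an assumed custom type used to express ordering.

```python
import json
from collections import defaultdict

# Constructed sample STIX 2.1 bundle (not data shipped with the tool). The
# "followed-by" relationship_type is an assumption used here to express the
# order of the attacker's actions; STIX permits custom relationship types.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--example",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--phish", "name": "Spearphishing Attachment"},
        {"type": "attack-pattern", "id": "attack-pattern--exec", "name": "User Execution"},
        {"type": "attack-pattern", "id": "attack-pattern--c2", "name": "Application Layer Protocol"},
        {"type": "attack-pattern", "id": "attack-pattern--exfil", "name": "Exfiltration Over C2 Channel"},
        {"type": "attack-pattern", "id": "attack-pattern--wipe", "name": "Data Destruction"},
        {"type": "relationship", "id": "relationship--1", "relationship_type": "followed-by",
         "source_ref": "attack-pattern--phish", "target_ref": "attack-pattern--exec"},
        {"type": "relationship", "id": "relationship--2", "relationship_type": "followed-by",
         "source_ref": "attack-pattern--exec", "target_ref": "attack-pattern--c2"},
        {"type": "relationship", "id": "relationship--3", "relationship_type": "followed-by",
         "source_ref": "attack-pattern--c2", "target_ref": "attack-pattern--exfil"},
        {"type": "relationship", "id": "relationship--4", "relationship_type": "followed-by",
         "source_ref": "attack-pattern--c2", "target_ref": "attack-pattern--wipe"},
    ],
})


def build_attack_graph(bundle_json):
    """Return (names, edges): attack-pattern id -> name, and id -> successor ids."""
    bundle = json.loads(bundle_json)
    names, edges = {}, defaultdict(list)
    for obj in bundle["objects"]:
        if obj["type"] == "attack-pattern":
            names[obj["id"]] = obj["name"]
    for obj in bundle["objects"]:
        if obj["type"] == "relationship" and obj["relationship_type"] == "followed-by":
            src, dst = obj["source_ref"], obj["target_ref"]
            if src in names and dst in names:   # ignore dangling references
                edges[src].append(dst)
    return names, edges


def activity_threads(names, edges):
    """Enumerate every root-to-leaf path; each path is one complete event chain."""
    targets = {dst for dsts in edges.values() for dst in dsts}
    roots = [n for n in names if n not in targets]   # techniques nothing precedes
    threads = []

    def walk(node, path):
        if node in path:                 # guard against cyclic CTI data
            return
        path = path + [node]
        if not edges[node]:              # leaf reached: thread complete
            threads.append([names[n] for n in path])
        for nxt in edges[node]:
            walk(nxt, path)

    for root in roots:
        walk(root, [])
    return threads
```

Branching at the C2 node yields two threads, which is the "attack tree" view of the same intelligence.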
To use the tool online, visit https://yukh1402.github.io/cti-stix-diamond-activity-attack-graph/. Alternatively, you can access the GitHub repository or download the image from Docker Hub. Run the Docker image using the following command:
```shell
docker run -d -p 80:80 1402/cti-stix-diamond-activity-attack-graph:latest
```