Skip to content

Threat Actions

Jump to bottom Edit New page
Kevin Thompson edited this page May 30, 2014 · 15 revisions

Threat actions describe what the threat actor(s) did to cause or contribute to the incident. Every incident has at least one, but most will comprise multiple actions (and often across multiple categories). VERIS uses 7 primary categories of threat actions: Malware, Hacking, Social, Misuse, Physical, Error, and Environmental.

Malware

Malware is any malicious software, script, or code run on a device that alters its state or function without the owner’s informed consent. Examples include viruses, worms, spyware, keyloggers, backdoors, etc.

VERIS version 1.3 defines the following variables for malware actions:

  • variety (required)
  • vector (required)
  • cve
  • name
  • notes

Hacking

Hacking is defined within VERIS as all attempts to intentionally access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms. Includes brute force, SQL injection, cryptanalysis, denial of service attacks, etc.

VERIS classification note: There is an action category for Hacking and for Misuse. Both can utilize similar vectors and achieve similar results; in Misuse, the actor was granted access/privileges (and used them inappropriately), whereas with Hacking, access/privileges are obtained illegitimately.

VERIS version 1.3 defines the following variables for hacking actions:

  • variety (required)
  • vector (required)
  • cve
  • notes
Add a custom footer
Add a custom sidebar
Clone this wiki locally