Use Cases & Domains
Patrick Maroney edited this page Sep 24, 2015 · 54 revisions
## Use Cases

- Support capture of “atomic” cyber data
  - Enable characterization of atomic network-related data
  - Support malicious cyber activity detection
- Support cross-sensor correlation and integration
- Support event data analysis from diverse set of sensors
  - Support event data analysis from network-based sensors
  - Support event data analysis from endpoint-based sensors
- Support capture of system state data
  - Support capture of device/endpoint state
    - Enable characterization of PC state
    - Enable characterization of BIOS state
    - Enable characterization of mobile device state
  - Support capture of operating system state
    - Enable characterization of operating system-specific artifacts
      - Enable characterization of operating system-specific executable binary formats
      - Enable characterization of operating system-specific kernel artifacts
  - Enable characterization of SCADA device state
  - Enable characterization of SCADA network traffic
  - Support capture of device/endpoint metadata
    - Enable characterization of general device metadata
- Support capture of cyber analysis results
  - Support capture of malware analysis results
    - Enable characterization of malware artifacts
      - Enable characterization of file-system based malware artifacts
      - Enable characterization of memory-based malware artifacts
      - Enable characterization of network-based malware artifacts
  - Support capture of digital forensics analysis results
    - Support capture of network forensics analysis results
      - Enable characterization of network metadata
    - Support capture of file system analysis results
      - Enable characterization of file metadata
        - Enable characterization of image file metadata
      - Enable characterization of file-system metadata
    - Support capture of memory forensics analysis results
  - Support capture of analysis-related metadata
    - Enable characterization of analysis tool metadata
## Domains

- Indicator sharing <== [Patrick Maroney, Suggested change: CTI Sharing 150923]
- Incident response
- Incident Reporting (Compliance/Agency Reporting) <== [Patrick Maroney, Suggested addition 150923]
- Malware analysis
- Digital forensics
- Network forensics
- File system forensics
- Memory forensics
- Adversary TTP Modeling <== [Patrick Maroney, Suggested addition 150923]
- CTI Operationalization <== [Patrick Maroney, Suggested addition 150923]
## Adding a New Use Case

To add a new use case:

- create a new wiki page
- title the page "Use Case:" followed by your use case title
- copy and paste the following outline into the new page
- fill in the appropriate content
- edit this page and add your new use case to the list as a link to your new use case page
```
Abstraction Level (High, Medium or Low): High (replace with your value)
Related Use Cases: Related use case (replace with your content)
Description: Use case objective and flow description (replace with your content)
Stakeholders/Goals:
- Stakeholder: Stakeholder description (replace with your content)
- Goal: Goal description (replace with your content)
Requirements:
- Requirement description (replace with your content)
Applicable Domains:
- Applicable domain (replace with your content)
```