
STORM

An angry cloud.

A registry of how to protect a system.

Tags

Tags are limited to the characters a-z, 0-9 and -, and can be separated hierarchically with a `.`.

For example when referring to a MITRE ATT&CK technique we could use attack.t0001.

Domains

| Domain | Model | Description |
|--------|-------|-------------|
| Source | | Sourcing of intelligence for improving observation, reaction and mitigation |
| | Intelligence | Feed or result of a query used to satisfy intelligence requirements |
| | Requirement | Collection of intelligence used by actions, detections and mitigations |
| | Provider | An internal or external supplier of intelligence |
| Threat | | Modelling and simulations of threat actor tactics, techniques and software |
| | Tactic | High-level categorization of threat actor behaviour |
| | Technique | Specific description of threat actor behaviour |
| | Software | Code/utilities/tools used in conducting threat actor behaviour |
| | Simulation | Generating threat behaviour for testing observation, reaction and mitigations |
| Observe | | Events, definitions and configuration for observing threat actor behaviour |
| | Event | Observable items used to detect and respond to threat actor behaviour |
| | Detection | Rule used to detect threat actor behaviour, mapped to that behaviour |
| | Provider | Software or systems that are capable of producing events |
| | Configuration | Configuration applied to a provider enabling it to produce events |
| React | | Structured responses to observed threat behaviour |
| | Stage | Phase of a response to observed threat behaviour |
| | Action | An atomic human action assigned to a response stage |
| | Playbook | Composition of response actions for a given context |
| Mitigate | | Proactive and reactive strategies to address threats |
| | Strategy | Composition of platforms and configurations to address a threat |
| | Platform | Platform that is capable of mitigating threats with or without configuration |
| | Configuration | Configuration applied to a platform enabling it to mitigate threats |

Source

How do you know what is happening outside of your system, or whether something you saw is considered a threat elsewhere?

A source is an entity that provides an external perspective on, and knowledge of, threats, techniques, tools and mitigations, and that can be pulled from or queried.

Provider

Requirement

Intelligence

Threat

Observe

React

Mitigate

| Directory | Model | ID prefix |
|-----------|-------|-----------|
| source/ | provider | SPR##### |
| | requirement | SRT##### |
| | intelligence | SIE##### |
| threat/ | tactic | TTC##### |
| | software | TSE##### |
| | technique | TTE##### |
| | deficiency | |
| | simulation | TSN##### |
| observe/ | event | OET##### |
| | detection | ODN##### |
| | provider | OPR##### |
| | configuration | OCG##### |
| react/ | stage | RSE##### |
| | action | RAN##### |
| | playbook | RPK##### |
| mitigate/ | strategy | MSY##### |
| | platform | MPM##### |
| | configuration | MCG##### |
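An added example, not code from the STORM repository: a small Rust parser for the registry ID scheme in the table above and for the tag format from the Tags section. The prefix-to-model mapping is taken from the table; the function names `parse_id` and `is_valid_tag` are this example's own.

```rust
use std::collections::HashMap;

/// ID prefixes from the README's registry table, keyed to (directory, model).
/// "deficiency" has no prefix on the page, so it is not included here.
fn prefix_table() -> HashMap<&'static str, (&'static str, &'static str)> {
    HashMap::from([
        ("SPR", ("source", "provider")),
        ("SRT", ("source", "requirement")),
        ("SIE", ("source", "intelligence")),
        ("TTC", ("threat", "tactic")),
        ("TSE", ("threat", "software")),
        ("TTE", ("threat", "technique")),
        ("TSN", ("threat", "simulation")),
        ("OET", ("observe", "event")),
        ("ODN", ("observe", "detection")),
        ("OPR", ("observe", "provider")),
        ("OCG", ("observe", "configuration")),
        ("RSE", ("react", "stage")),
        ("RAN", ("react", "action")),
        ("RPK", ("react", "playbook")),
        ("MSY", ("mitigate", "strategy")),
        ("MPM", ("mitigate", "platform")),
        ("MCG", ("mitigate", "configuration")),
    ])
}

/// Parses a registry ID such as "TTE00042" into (directory, model, number).
/// Rejects unknown prefixes and anything other than exactly five digits.
pub fn parse_id(id: &str) -> Option<(&'static str, &'static str, u32)> {
    if !id.is_ascii() || id.len() != 8 {
        return None;
    }
    let (prefix, digits) = id.split_at(3);
    if !digits.bytes().all(|b| b.is_ascii_digit()) {
        return None;
    }
    let number: u32 = digits.parse().ok()?;
    let table = prefix_table();
    let &(dir, model) = table.get(prefix)?;
    Some((dir, model, number))
}

/// A tag is one or more non-empty segments of [a-z0-9-] joined by '.'.
pub fn is_valid_tag(tag: &str) -> bool {
    !tag.is_empty()
        && tag.split('.').all(|seg| {
            !seg.is_empty()
                && seg.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b == b'-')
        })
}
```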