Throughout this course, we have been looking at cyber security information: what it is and how it is used to express a specific incident of malicious activity. We also looked at Trudy and observed how her attack could be broken down into the various levels of the kill chain. For your final assignment, you are to use the Soltra Edge TAXII service discussed in class to describe a specific instance of malicious activity you have researched.
The following link describes what Soltra Edge is all about: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/look-how-easy-taxii-is/. The Soltra Edge Virtual Image can be found attached to this file. You should install this image and then study the various aspects of this service. The documentation for Soltra Edge can be found attached to this file. Once you are familiar with how to use this tool, perform the following steps:
1. Determine the malicious activity you are interested in.
2. Make sure that the activity has enough information to represent all objects of STIX.
3. Make sure there are relationships between objects to form associations:
   1. An Actor to a Campaign
   2. An Indicator to an Observable(s)
   3. A Course of Action
You should graph out this relationship on paper and then build the relationship model using the Soltra Edge Web Interface. Once completed, you should download this object model and use STIXviz to view it. An example of what the report might look like can be found attached to this file; you should use this as a template when performing this assignment.
NOTE: When your final report is evaluated within Turnitin, you can expect a high percentage of common language in the description of the malicious instance. Areas such as the incident, target of the attack, TTP, and campaign are going to be very similar to the actual source report that you are describing, and will therefore result in a high percentage from Turnitin. In these areas, make sure you cite your source. You should not have a high percentage in the areas where the STIX objects and Soltra solution are being presented.
Report Format
The report uses a well-designed format that contains the title of the project, the student name and UID, and the table of contents of the report. There are no spelling or grammar mistakes within the report.
Abstract and Scenario
The report contains a clear and concise Abstract and scenario introduction that clearly identifies the subject of the report.
5 W’s
The report clearly identifies the Who, What, When, Where and How by using formal object definitions, such as the Threat Actor, Target, Campaign and details of the Exploit.
Stages of the Attack
The report uses the Kill Chain phases and clearly defines each stage of the attack and the actions taken within each stage by the attacker and defender.
Incident Response
The report clearly identifies the mitigation actions to take in response to the threat, clearly outlining the Identification, Eradication and Recovery Phases for the attack.
Lessons Learned
The report identifies the lessons learned as a result of the attack and the processes used to mitigate it.
References
All references are clearly labelled and identified within the report, and all references are relevant to the information provided.
Soltra Edge Representation
The Soltra Edge tool is used to build and represent all objects used within the report to identify the attack. Each object includes the Title, ID, Description and Type and is correctly linked to other objects within the model.
STIXviz
The report includes a STIXviz representation of the subject of the attack, representing all objects used to define the attack and clearly showing the relationship of each to all other objects.