A threat actor is a person or group responsible for events or incidents that have the potential to affect the safety or security of others. For example, a threat actor can be someone associated with organized crime, IP theft, or cyberterrorism. You can search for and extract threat actors in TruSTAR.
Q. How does TruSTAR work with Threat Actors?
Similar to other IOCs, threat actors are searchable via the web and API and are extracted in the graph visualization.
Q. How do I interpret the graph visualization?
On the graph visualization, you can view all associated reports about the Threat Actor from all the sources you subscribe to.
Q. Who maintains the list of Threat Actors?
TruSTAR maintains an extensive list of threat actors, developed from internal sources as well as external sources, such as MITRE.
Q. What's next for the Threat Actor feature?
TruSTAR plans to add more functionality to Threat Actors, including:
- Creating a new threat actor profile and saving it to a list of threat actor names, so that all future reports have that threat actor extracted and available for associating with other IOCs.
- Manually associating IOCs with one or more threat actors, so that when searching for IOCs or threat actors, you can see the relationships between them.
- Exporting a human-readable summary of threat actor details and recent activity context.