Threat Exposure

Campaigns

The security community employs diverse analytical methodologies and terminology to monitor intrusion activities, including operations, intrusion sets, and campaigns. Certain intrusion events may be identified by multiple names owing to disparate organizations monitoring analogous activities, often from distinct perspectives. Conversely, there are instances where reported activities lack a formal designation.

Interpres consolidates campaign data from a multitude of sources, including publicly available threat reports and integrations with customer-provided threat intelligence, thereby ensuring comprehensive coverage and insight into evolving threat landscapes.

Techniques

Techniques represent 'how' an adversary achieves a tactical goal by performing an action.

Software

Software encompasses a broad spectrum of applications, including custom or commercial code, operating system utilities, open-source software, and other tools utilized to execute behaviors modeled in MITRE ATT&CK™. It is notable that certain instances of software may be referred to by multiple names, a phenomenon stemming from different organizations tracking identical software sets under varied designations.

Threat Groups

Threat Groups represent clusters of activities monitored under a shared name within the security community. Analysts employ diverse analytical methodologies and terminology, such as threat groups, activity groups, and threat actors, to track these clusters.

It is noteworthy that certain groups may be associated with multiple names, reflecting similar activities observed by different organizations. Additionally, organizations' definitions of groups may exhibit partial overlaps with designations by other entities, occasionally leading to discrepancies concerning specific activities.