Skip to content

Commit e42b47d

Browse files
savacano28savacano28
committed
[doc] Update opencti generating scenario doc
1 parent 0126a70 commit e42b47d

File tree

3 files changed

+11
-15
lines changed

3 files changed

+11
-15
lines changed

docs/usage/scenario/assets/inject-scenario-openbas.png

22.3 KB
Loading

docs/usage/scenario/assets/scenario-openbas.png

-491 Bytes
Loading

docs/usage/scenario/opencti_scenario.md

Lines changed: 11 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -41,35 +41,31 @@ If you choose the "Technical" (payloads) simulation type, you will also need to
4141

4242
It’s essential to understand that a scenario creation for these entities relies on matching TTPs between OpenCTI and
4343
OpenBAS. You’ll need to ensure that the TTPs in both platforms are aligned. For instance, if your report contains the
44-
TTP T1059.001, a scenario can be created with an inject, provided OpenBAS also includes T1059.001.
44+
TTP T1059.001, a scenario can be created with an inject, provided OpenBAS also includes T1059.001. Otherwise, an
45+
inject with a placeholder will be created instead for this TTP.
4546

4647
If these TTPs are not supported by OpenBAS, you will receive an alert listing the uncovered TTPs.
4748

4849
![ttps not covered obas](assets/octi-ttps-no-covered.png)
4950

50-
When generating a scenario from OpenCTI, a scenario is created and can be accessed from the scenarios screen. The
51+
When generating a scenario from OpenCTI, a scenario is created on OpenBas and can be accessed from the scenarios screen. The
5152
scenario name will include a reference to OpenCTI, indicating its origin. This scenario will automatically contain
5253
relevant sequences of injects based on the threat context identified in OpenCTI.
5354

55+
![Scenario OpenBAS](assets/scenario-openbas.png)
56+
57+
![Scenario OpenBAS](assets/inject-scenario-openbas.png)
58+
59+
![Scenario OpenBAS](assets/inject-placeholder.png)
60+
5461
However, it's important to review and potentially customize the scenario to ensure it meets your organization's specific
5562
requirements. Additionally, you'll need to select appropriate [targets](../targets.md) for the injects within the
5663
scenario.
5764

65+
![Scenario OpenBAS](assets/inject-ttp.png)
66+
5867
Once you've finalized the scenario, you can schedule your simulation as you would do for any other scenarios. The overall
5968
results of the simulation will also be available directly within OpenCTI, providing insights into the threat context
6069
upon which the scenario is based.
6170

6271
![Simulate results](assets/simulate-result.png)
63-
64-
Exemple of a scenario generated on OpenBAS is:
65-
66-
![Scenario OpenBAS](assets/scenario-openbas.png)
67-
68-
Here, you can see the list of injects generated for ttp existents on openBAS, exemples of injects placeholder and existents :
69-
70-
![Scenario OpenBAS](assets/inject-scenario-openbas.png)
71-
72-
![Scenario OpenBAS](assets/inject-placeholder.png)
73-
74-
![Scenario OpenBAS](assets/inject-ttp.png)
75-

0 commit comments

Comments
 (0)