
Campaigns

Mike Goffin edited this page Jun 4, 2014 · 1 revision

A campaign is defined as a group of related Events/Incidents/Indicators/Malware/etc. observed over time for which a clear set of TTPs (Tactics, Techniques, and Procedures) can be defined.

CRITs allows you to track Campaigns and relate/attribute Campaigns to any other top-level object in your system. There are two ways to do this:

  1. Use the Relationships feature and relate a top-level object to the Campaign.
  2. The preferred method is to use the Campaigns section of the top-level object and attribute the Campaign there.

The second method is preferred because it allows the system to query for this assignment using indexes and MapReduce. These queries drive the Campaign Listing page values and populate the tabs on the Campaign Details page.

CRITs allows you to define a set of metadata for each Campaign you track:

  • Name: The name you wish to use to refer to the Campaign.
  • Aliases: The names other organizations use to refer to the same Campaign.
  • Description: A description of that Campaign.
  • TTPs: A list of TTPs associated with that Campaign.

There is also an Email Activity section which generates a graph (based on MapReduce) that plots over time any Emails that have been attributed to this Campaign.
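The following sketch illustrates the attribution-based aggregation described above for both the Campaign Listing counts and the Email Activity graph. It is an added example, not code from CRITs: the field names (`type`, `date`, `campaign`, `relationships`) and the sample objects are assumptions constructed for illustration, and a plain Python map/reduce stands in for the database's MapReduce.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample objects; field names are assumptions for this sketch,
# not CRITs' actual schema.
OBJECTS = [
    {"type": "Email", "date": datetime(2014, 3, 4), "campaign": [{"name": "Alpha"}]},
    {"type": "Email", "date": datetime(2014, 3, 20),
     "campaign": [{"name": "Alpha"}, {"name": "Bravo"}]},
    {"type": "Email", "date": datetime(2014, 5, 1), "campaign": [{"name": "Alpha"}]},
    {"type": "Indicator", "date": datetime(2014, 4, 2), "campaign": [{"name": "Bravo"}]},
    # Linked only through a relationship: there is no attribution field
    # on the object, so the aggregation below never sees this link.
    {"type": "Sample", "date": datetime(2014, 4, 10), "campaign": [],
     "relationships": [{"type": "Campaign", "value": "Alpha"}]},
]

def map_attributions(obj):
    """Map step: emit ((campaign, object type), 1) for each attribution."""
    for attribution in obj.get("campaign", []):
        yield (attribution["name"], obj["type"]), 1

def reduce_counts(pairs):
    """Reduce step: sum the emitted values per key."""
    totals = Counter()
    for key, value in pairs:
        totals[key] += value
    return totals

def campaign_listing(objects):
    """Per-campaign counts by object type, as a listing page would show."""
    totals = reduce_counts(p for o in objects for p in map_attributions(o))
    listing = defaultdict(dict)
    for (campaign, obj_type), count in totals.items():
        listing[campaign][obj_type] = count
    return dict(listing)

def email_activity(objects, campaign):
    """Monthly counts of Emails attributed to one campaign, in date order."""
    months = Counter(
        o["date"].strftime("%Y-%m") for o in objects
        if o["type"] == "Email"
        and any(a["name"] == campaign for a in o["campaign"])
    )
    return sorted(months.items())

if __name__ == "__main__":
    print(campaign_listing(OBJECTS))
    print(email_activity(OBJECTS, "Alpha"))
```

In this sketch the Sample that is tied to "Alpha" only through a relationship contributes nothing to the counts, which is the practical difference between the two attribution methods listed earlier.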

One service that is very popular for Campaigns is the ANB Service. This service generates blocks of CSV information which can be imported into Analyst's Notebook for graphing.
