
action-target-index.md
Actions

| ID | Property Name | Use Case Source |
|----|---------------|-----------------|
| 1 | scan | Symantec: scan>>file |
| 2 | locate | ATT: locate>>ip_addr<br>Symantec: locate>>process<br>Symantec: locate>>directory<br>Symantec: locate>>file<br>Symantec: locate>>windows_registry_key |
| 3 | query | General: query>>property<br>Phantom: query>>process<br>sFractalConsulting: query>>openc2<br>General: query>>openc2<br>Symantec: query>>device<br>Symantec: query>>file<br>Symantec: query>>software<br>Symantec: query>>url |
| 4 | report | |
| 5 | notify | |
| 6 | deny | ATT: deny>>ip_connection<br>Phantom: deny>>process<br>STIX: deny>>ip_connection<br>sFractalConsulting: deny>>ip_connection<br>sFractalConsulting: deny>>domain_name<br>LG: deny>>ip_addr<br>Symantec: deny>>file<br>Symantec: deny>>process<br>Symantec: deny>>url<br>Symantec: deny>>email-addr<br>Symantec: deny>>email-message |
| 7 | contain | ATT: contain>>domain_name<br>STIX: contain>>device<br>Symantec: contain>>device |
| 8 | allow | ATT: allow>>domain_name<br>ATT: allow>>ip_connection<br>sFractalConsulting: allow>>ip_connection<br>Symantec: allow>>device<br>Symantec: allow>>file<br>Symantec: allow>>url |
| 9 | start | Symantec: start>>process<br>sFractal: start: vm |
| 10 | stop | Phantom: stop>>process<br>Symantec: stop>>process<br>sFractal: stop: vm |
| 11 | restart | Symantec: restart>>device<br>Symantec: restart>>process |
| 12 | pause | |
| 13 | resume | |
| 14 | cancel | Symantec: cancel>>command |
| 15 | set | |
| 16 | update | sFractalConsulting: update>>software<br>sFractalConsulting: update>>software<br>Symantec: update>>device<br>Symantec: update>>software |
| 17 | move | |
| 18 | redirect | STIX: redirect>>ip_connection<br>LG: redirect>>domain_name<br>LG: redirect>>url |
| 19 | create | sFractal: start: vm |
| 20 | delete | Phantom: delete>>file<br>STIX: delete>>artifact<br>sFractalConsulting: delete>>process<br>sFractalConsulting: delete>>email_message<br>sFractalConsulting: delete>>file<br>Phantom: delete>>file<br>Symantec: delete>>device<br>Symantec: delete>>file |
| 21 | snapshot | |
| 22 | detonate | Symantec: detonate>>file<br>Symantec: detonate>>url |
| 23 | restore | Symantec: restore>>file |
| 24 | save | |
| 25 | throttle | |
| 26 | delay | |
| 27 | substitute | |
| 28 | copy | Symantec: copy>>file |
| 29 | sync | |
| 30 | investigate | Symantec: investigate>>device |
| 31 | mitigate | |
| 32 | remediate | Symantec: remediate>>file |

Targets

| ID | Property Name | Type | Use Case Source |
|----|---------------|------|-----------------|
| 1 | artifact | Artifact | STIX: delete>>artifact |
| 2 | command | Command | Symantec: cancel>>command |
| 3 | device | Device | STIX: contain>>device<br>Symantec: allow>>device<br>Symantec: delete>>device<br>Symantec: query>>device<br>Symantec: restart>>device<br>Symantec: update>>device<br>Symantec: contain>>device |
| 4 | directory | Directory | Symantec: locate>>directory |
| 5 | disk | Disk | |
| 6 | disk_partition | Disk-Partition | |
| 7 | domain_name | Domain-Name | ATT: contain>>domain_name<br>ATT: allow>>domain_name<br>sFractalConsulting: deny>>domain_name<br>LG: redirect>>domain_name |
| 8 | email_addr | Email-Addr | Symantec: deny>>email-addr |
| 9 | email_message | Email-Message | sFractalConsulting: delete>>email_message<br>Symantec: deny>>email-message |
| 10 | file | File | Phantom: delete>>file<br>sFractalConsulting: delete>>file<br>Phantom: delete>>file<br>Symantec: allow>>file<br>Symantec: copy>>file<br>Symantec: delete>>file<br>Symantec: deny>>file<br>Symantec: remediate>>file<br>Symantec: locate>>file<br>Symantec: query>>file<br>Symantec: restore>>file<br>Symantec: scan>>file<br>Symantec: detonate>>file |
| 11 | ip_addr | IP-Addr | ATT: locate>>ip_addr<br>LG: deny>>ip_addr |
| 13 | mac_addr | Mac-Addr | |
| 14 | memory | Memory | |
| 15 | ip_connection | IP-Connection | ATT: deny>>ip_connection<br>ATT: allow>>ip_connection<br>STIX: deny>>ip_connection<br>STIX: redirect>>ip_connection<br>sFractalConsulting: allow>>ip_connection<br>sFractalConsulting: deny>>ip_connection |
| 16 | openc2 | OpenC2 | sFractalConsulting: query>>openc2<br>General: query>>openc2<br>Symantec: cancel>>openc2>>command |
| 17 | process | Process | Phantom: query>>process<br>Phantom: deny>>process<br>Phantom: stop>>process<br>sFractalConsulting: delete>>process<br>Symantec: deny>>process<br>Symantec: locate>>process<br>Symantec: restart>>process<br>Symantec: stop>>process<br>Symantec: start>>process |
| 25 | property | Property | General: query>>property |
| 18 | software | Software | sFractalConsulting: update>>software<br>sFractalConsulting: update>>software<br>Symantec: query>>software<br>Symantec: update>>software |
| 19 | url | Url | LG: redirect>>url<br>Symantec: query>>url<br>Symantec: deny>>url<br>Symantec: allow>>url<br>Symantec: detonate>>url |
| 20 | user_account | User-Account | |
| 21 | user_session | User-Session | |
| 22 | volume | Volume | |
| 23 | windows_registry_key | Windows-Registry-Key | Symantec: locate>>windows_registry_key |
| 24 | x509_certificate | X509-Certificate | |
| 1024 | slpff | Slpff-Target | |