Threat actions describe the activity that caused or contributed to the incident. There are seven primary categories: malware, hacking, social, misuse, physical, error, and environmental. The following quick reference classifier outlines the key differences between them:
The threat action sub-elements
Again, there are properties that can be added to these actions to aid grouping and searchability. These are shown in the following diagram:
The threat action sub-elements and their properties
Some incidents contain multiple threat actions. If this is the case, each action is graded independently. The VERIS framework can scale to as many categories as is considered appropriate for each incident, but consideration must be given to whether adding too many threat actions will add value or add noise to the report.
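The following added example (not part of the original text or of the VERIS project's own tooling) shows how an incident with several threat actions can be split into one record per action, so that each can be graded independently. The incident is constructed sample data, the `variety` and `vector` property names are assumed from the public VERIS schema, and `split_actions` is a hypothetical helper name.

```python
import json

# The seven primary threat action categories named in the text.
CATEGORIES = {"malware", "hacking", "social", "misuse",
              "physical", "error", "environmental"}

# Constructed sample incident (not real data). "variety" and "vector" are
# assumed property names taken from the public VERIS schema. The "espionage"
# key is a deliberate mistake: it is not one of the seven action categories.
SAMPLE = json.loads("""
{
  "incident_id": "EXAMPLE-0001",
  "action": {
    "social":    {"variety": ["Phishing"],   "vector": ["Email"]},
    "malware":   {"variety": ["Ransomware"], "vector": ["Email attachment"]},
    "hacking":   {"variety": ["Use of stolen creds"]},
    "espionage": {"variety": ["Unknown"]}
  }
}
""")

def split_actions(incident):
    """Return (actions, problems) with one independent record per action."""
    actions, problems = [], []
    for category, props in sorted(incident.get("action", {}).items()):
        if category not in CATEGORIES:
            # Reject anything outside the seven categories instead of
            # silently adding noise to the report.
            problems.append(f"unknown action category: {category}")
            continue
        record = {
            "incident_id": incident.get("incident_id"),
            "category": category,
            "variety": props.get("variety", []),
            "vector": props.get("vector", []),
        }
        if not record["variety"]:
            problems.append(f"{category}: no variety recorded")
        actions.append(record)
    return actions, problems

if __name__ == "__main__":
    acts, probs = split_actions(SAMPLE)
    for a in acts:
        print(a["category"], a["variety"], a["vector"])
    for p in probs:
        print("PROBLEM:", p)
```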