Skip to content

"action.Social.Target" duplicative with Asset? #497

Description

@alexcpsec-vz

Is there a reason for action.Social.Target to exist? I suspect it always end up being duplicative with the Person asset. I can think of a few reasons to have it there (document the threat actor TTP, but we don't have confirmation that they reached the person they wanted), but still seems a bit wasteful.

This might make more sense to keep based on the forward looking statement of VERIS Templates. We could encode it as an action TTP but leave a P-Unknown in the Asset section to be filled out when using the template.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions