Open One Actor Profile

Draft

Level: Simple

Goal: Review the core context for one ATT&CK group or actor.

Real-Life Scenario

A CTI analyst is asked during a standup what APT29 is known for and needs a fast actor summary with aliases, techniques, reports, and observable context.

When To Use This

Use this workflow when you need a fast, low-friction action and want the output to remain traceable to evidence.

Steps

Open ATT&CK Group Library and search the actor name, ID, or alias.
Review description, aliases, techniques, reports, IOCs, and tactic coverage.

Expected Result

Actor context ready for a note, briefing, or investigation pivot.

Review Notes

Keep source labels and evidence attached to every accepted result.
Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
Export only reviewed findings for customer, SOC, detection engineering, or executive use.

Draft​

Real-Life Scenario​

When To Use This​

Steps​

Expected Result​

Review Notes​