Overview
An advanced dashboard giving you a full overview of threat activities against France. This dashboard can be adapted to cover other countries.
The France dashboard is designed to provide a comprehensive overview of threats reported to be targeting the country. This dashboard provides a first-look, top-down overview of all threats targeting the country, and can be adapted to address specific Priority Intelligence Requirements (PIRs) relating to the country.
Overview
- The High Level Indicators section gives aggregate statistics for the entire dataset, giving situational awareness of the total volume of data in the platform
- Active Threats shows the total number of reports for each threat actor that contain this country in the report
- Recent Activities shows a timeline of campaigns that contain the country
- Technical Information shows counts of indicators relating to the country
Usage
- The High Level Indicators give an idea of the volume of data in your platform that is categorised as relating to the country. If these figures are low, then the other threat-centric widgets will also have a low count. If you have a low count, common reasons can include: low volume of ingested data; ingested data does not contain country as a STIX entity; too few reports in the time range set for the dashboard.
- Active Threats shows Intrusion Sets, Threat Actors and Malware that have been reported as targeting the country within the time range for the dashboard (usually from a report linking the threat to the country that was received within the time range). Changing the time range to a recent time range, such as 1 or 3 months, will focus on more recent reports of threats against the country.
- Top Techniques used by Threats shows Attack Patterns (typically MITRE ATT&CK Techniques) known to be used by an Actor or Intrusion Set targeting the country. Where a report contains the country as a target, and the actor or intrusion set, then all Attack Patterns / TTPs known to be used by these actors (not just the TTPs included in the reports, or TTPs used against this country) will be shown here.
- Top Vulnerabilities targeted by Threats shows Vulnerabilities that were reported as being targeted by a Threat Actor or Intrusion Set that targets the country. This chart is indicative of vulnerabilities that are at a higher risk of exploitation in organisations within the country.
Data Pre-requisites
All widgets in this dashboard rely on reports ingested into OpenCTI that contain structured STIX entities, including targeted country, threat actors, intrusion sets, malware entities, and indicators. If you do not have a stream of reports into OpenCTI that contain these entities, these dashboards will be empty. Most commercial feeds, and some open-source ones, will contain this structure.
In addition, you can improve the inclusion of content in this report by:
- Configuring the OpenCTI Datasets connector, which ingests the master datasets, including countries, with the UUIDs that are used in this dashboard. Each widget uses the specific UUID for the country from this specific dataset.
- Turning on many of the Rules engine rules, which infer relationships between entities that are contained in a report (e.g. if an actor targets ‘France’, then infer that the actor targets ‘Europe’)
- Reviewing all Countries, and checking that ‘similar’ countries from other feeds are merged into the master entity from the OpenCTI Dataset, or at least are a child/subset of it (e.g. ‘Europe-France’ is merged with ‘France’, which is a subset of ‘Europe’)
Specific relationships that are used in these widgets include:
- The relationship of Threat Actor or Intrusion Set targets the country
- The relationship of Threat Actor or Intrusion Set targets a vulnerability
- The relationship of Threat Actor or Intrusion Set uses an Attack Pattern
- The relationship of Threat Actor or Intrusion Set uses a Malware
- The relationship of Indicator indicates a Malware, Threat Actor, Intrusion Set or Campaign
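
A feed can be checked for these relationships before relying on the dashboard. The following is an added example, not OpenCTI code: it counts, in a STIX 2.1 bundle, the relationships listed above and reports which are missing. The sample bundle, its ids, the function names, and the use of the ISO code `FR` as a stand-in for the master country's UUID are assumptions constructed for illustration.

```python
ACTORS = {"threat-actor", "intrusion-set"}
# name: (relationship_type, source types, target types), from the list above
RULES = {
    "targets country": ("targets", ACTORS, {"location"}),
    "targets vulnerability": ("targets", ACTORS, {"vulnerability"}),
    "uses attack-pattern": ("uses", ACTORS, {"attack-pattern"}),
    "uses malware": ("uses", ACTORS, {"malware"}),
    "indicator indicates": ("indicates", {"indicator"}, ACTORS | {"malware", "campaign"}),
}

def stix_type(ref):
    """STIX ids have the form '<type>--<uuid>'."""
    return ref.split("--", 1)[0]

def coverage(bundle, country_code="FR"):
    """Count the relationships in a STIX 2.1 bundle that the widgets rely on."""
    objs = bundle.get("objects", [])
    countries = {o["id"] for o in objs
                 if o.get("type") == "location" and o.get("country") == country_code}
    counts = {name: 0 for name in RULES}
    for o in objs:
        if o.get("type") != "relationship":
            continue
        src, dst = o.get("source_ref", ""), o.get("target_ref", "")
        for name, (rel_type, srcs, dsts) in RULES.items():
            if o.get("relationship_type") != rel_type:
                continue
            if stix_type(src) not in srcs or stix_type(dst) not in dsts:
                continue
            # A 'targets' link to a location only counts for the master country.
            if "location" in dsts and dst not in countries:
                continue
            counts[name] += 1
    return {"country entities": len(countries), **counts}

def gaps(bundle, country_code="FR"):
    """Names of prerequisites with no matching data in the bundle."""
    return sorted(k for k, v in coverage(bundle, country_code).items() if v == 0)

def sid(kind, n):  # constructed STIX id, not a real entity
    return f"{kind}--00000000-0000-4000-8000-{n:012d}"

def rel(kind, src, dst):  # trimmed to the fields the check reads
    return {"type": "relationship", "relationship_type": kind,
            "source_ref": src, "target_ref": dst}

SAMPLE = {"type": "bundle", "objects": [  # constructed sample bundle
    {"type": "location", "id": sid("location", 1), "name": "France", "country": "FR"},
    {"type": "location", "id": sid("location", 2), "name": "Europe-France"},
    rel("targets", sid("intrusion-set", 3), sid("location", 1)),
    rel("targets", sid("threat-actor", 4), sid("location", 2)),  # unmerged duplicate
    rel("uses", sid("intrusion-set", 3), sid("attack-pattern", 5)),
    rel("indicates", sid("indicator", 6), sid("malware", 7)),
]}
```

In the sample, the threat actor that targets the unmerged ‘Europe-France’ entity is not counted against France, which is the effect the merge review above is meant to prevent.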