OpenCTI または OpenAEV プラットフォームを 30 日間お試しいただけます。 無料トライアル
XTM Hub by Filigranサインイン

Construction

Adversary & Campaign Insights
Vertical Market & Mission-Specific Intelligence
A picture of RG9jdW1lbnQ6NmQ1MWRkNzYtZDE4MC00MTU1LThmMTQtMTg0NzhhNjBkZDE0
A picture of RG9jdW1lbnQ6NmU4OTE0NTYtOTZkNS00ODk5LTk2ODAtN2FhZWQ1NzkzZjNi
A picture of RG9jdW1lbnQ6Nzg3OGJjNGYtMWZmOS00OWMzLTliOTgtY2UyZjI1MTIyYjVk

概要

A strategic dashboard that shows threats facing the Construction sector, one of a series of sector-focused dashboards. It includes overviews of Actors, Malware, TTPs and Vulnerabilities reported to be targeting organisations in the sector.

The Construction dashboard is designed to provide a comprehensive overview of threats reported to be targeting the sector. This dashboards provides a first-look top-down overview of all threats targeting the sector, and can be adapted to address specific Priority Intelligence Requirements (PIRs) targeting the sector.

Overview

  • The High Level Indicators section gives aggregate statistics for the entire dataset, giving situational awareness of the total volume of data in the platform
  • Active Threats shows the total number of reports for each threat actor that contain this sector or a sub-sector in the report
  • Recent Activities shows a timeline of campaigns that contain the sector
  • Technical Information shows counts of indicators relating to the sector

Usage

  • The High Level Indicators give an idea of the volume of data in your platform that is categorised as relating to the sector. If these figures are low, then the other threat-centric widgets will also have a low count. If you have a low count, common reasons can include: low volume of ingested data; ingested data does not contain sector as a STIX entity; too few reports in the time range set for the dashboard.
  • Active Threats shows Intrusion Sets, Threat Actors and Malware that have been reported as targeting the sector within the time range for the dashboard (usually from a report linking the threat to the sector that was received within the time range). Changing the time range to a recent time range, such as 1 or 3 months, will focus on more recent reports of threats against the sector.
  • Top Techniques used by Threats shows Attack Patterns (typically MITRE ATT&CK Techniques) known to be used by an Actor or Intrusion Set targeting the sector. Where a report contains the sector as a target, and the actor or intrusion set, then all Attack Patterns / TTPs known to be used by these actors (not just the TTPs included in the reports, or TTPs used against this sector) will be shown here.
  • Top Vulnerabilities targeted by Threats shows Vulnerabilities that were reported as being targeted by a Threat Actor or Intrusion Set, that targets the sector. This chart is indicative of vulnerabilities that are at a higher risk of exploitation in organisations within the sector.
  • Top Attack Patterns from Reports aggregates the TTPs included in the reports that reference this sector. Unlike the previous TTP graph, this only shows the TTPs that were mentioned in reports about the sector, rather than showing all TTPs known to be used by actors targeting the sector.

Data Pre-requisites

All widgets in this dashboard rely on reports ingested into OpenCTI that contain structured STIX entities, including targeted sector, threat actors, intrusion sets, malware entities, and indicators. If you do not have a stream of reports into OpenCTI that contain these entities, these dashboards will be empty. Most commercial feeds, and some open-source ones, will contain this structure. In addition, you can improve the inclusion of content in this report by:

  1. Configuring the OpenCTI Datasets connector, which ingests the master datasets, including sectors, with the UUIDs that are used in this dashboard. Each widget uses the specific UUID for the sector from this specific dataset.
  2. Turning on many of the Rules engine rules, that infer relationships between entities that are contained in a report (eg. if actor targets ‘Renewables’, then infer that actor targets ‘Energy’)
  3. Reviewing all Sectors, and checking that ‘similar’ sectors from other feeds are merged into the master entity from the OpenCTI Dataset, or at least are a child/subset of it. (eg. ‘Energy-Renewables’ is merged with ‘Renewables’, which is a subset of ‘Energy’)

Specific relationships that are used in these widgets include:

  • The relationship of Threat Actor or Intrusion Set targets the sector
  • The relationship of Threat Actor or Intrusion Set targets a vulnerability
  • The relationship of Threat Actor or Intrusion Set uses an Attack Pattern
  • The relationship of Threat Actor or Intrusion Set uses a Malware
  • The relationship of Indicator indicates a Malware, Threat Actors, Intrusion Set, Campaign

基本情報

Filigran
Enzo Queiros Martins
2026年2月20日
6.9.4
60+
1

    当社は、XTM Hubの機能を動作させ、その利用状況を把握し、ユーザー体験を向上させるためにクッキーを使用しています。必須のクッキーは常に有効になっています。また、ユーザーの同意を得た上で、機能、パフォーマンス、分析、およびマーケティングを目的としたオプションのクッキーも使用しています。 すべてのクッキーを受け入れる、すべてを拒否する、または許可するオプションのクッキーを選択することができます。「クッキー設定」から、いつでも設定を変更できます。詳細については、当社のクッキーポリシーをご覧ください。