This repository is for sharing SCYTHE Compound Actions. Compound Actions are custom tests that do not classify as an entire threat or adversary emulation plan. However, they are still an attack chain that can be added to larger threats and campaigns.
- Select the Compound Action folder you are interested in
- Review the README if available
- Download the raw JSON file.
- Login to the SCYTHE instance where you want to import the Compound Action.
- Click Threat Manager - Migrate Threats
- Under "Import Threat" click “Choose File” and select the JSON file you downloaded from GitHub
- Click Import and OK when complete
- Click Threat Manager - Threat Catalog
- Find the imported Compound Action and click the tag icon
- Tag the MITRE ATT&CK Technique for the Compound Action
SCYTHE believes in giving back to the community and encourages everyone to do the same. Please submit pull requests with new Compound Actions in their respective folder and we will review before approving.