Scenario: An end-to-end, emulated campaign typically spanning (pre-)compromise behaviors through the adversary achieving their operational objective(s). Pretty pictures make everything better.
Part 2:
Step: A grouping of behaviors related to a specific adversary goal within a Scenario, typically aligns at the same level of abstraction (but not the same as) as ATT&CK Tactics.
Sub-Step / Procedure: Each specific behavior to be executed during the emulation, typically aligns at the same level of abstraction (but not the same as) as ATT&CK Techniques.
Emulation Plan for CTID
Part 1:
Scenario: An end-to-end, emulated campaign typically spanning (pre-)compromise behaviors through the adversary achieving their operational objective(s). Pretty pictures make everything better.
Part 2:
Step: A grouping of behaviors related to a specific adversary goal within a Scenario, typically aligns at the same level of abstraction (but not the same as) as ATT&CK Tactics.
Sub-Step / Procedure: Each specific behavior to be executed during the emulation, typically aligns at the same level of abstraction (but not the same as) as ATT&CK Techniques.