Permit access to or execution of a Target
Invalidate a previously issued Action
Isolate a file, process, or entity so that it cannot modify or access assets or processes
Duplicate an object, file, data flow, or artifact
Add a new entity of a known type (e.g., data, files, directories)
Remove an entity (e.g., data, files, flows)
Prevent a certain event or action from completion, such as preventing a flow from reaching a destination or preventing access
Execute and observe the behavior of a Target (e.g., file, hyperlink) in an isolated environment
Task the recipient to aggregate and report information as it pertains to a security event or incident
Find an object physically, logically, functionally, or by organization
Initiate a request for information
Change the flow of traffic to a destination other than its original destination
Task the recipient to eliminate a vulnerability or attack point
Stop then start a system or an activity
Return a system to a previously known state
Systematic examination of some aspect of the entity or its environment
Change a value, configuration, or state of a managed entity
Initiate a process, application, system, or activity
Halt a system or end an activity
Instruct a component to retrieve, install, process, and operate in accordance with a software update, reconfiguration, or other update
The task or activity to be performed (i.e., the 'verb')