1. Belhajjame K (2013) PROV-DM: the PROV data model. https://www.w3.org/TR/prov-dm/
2. Corporation TM (2015) ATT&CK. https://attack.mitre.org
3. DavidJBianco: the ThreatHunting project (2019). https://www.threathunting.net
4. Gao P, Xiao X, Li D, Li Z, Jee K, Wu Z, Kim CH, Kulkarni SR, Mittal P (2018) SAQL: a stream-based query system for real-time abnormal system behavior detection. In: 27th USENIX security symposium (USENIX security 18), pp 639–656
5. Gao P, Xiao X, Li Z, Xu F, Kulkarni SR, Mittal P (2018) AIQL: enabling efficient attack investigation from system monitoring data. In: USENIX annual technical conference (USENIX ATC 18), pp 113–126