diff --git a/actions/mitre/integrityProtection.yaml b/actions/mitre/integrityProtection.yaml
new file mode 100644
index 0000000..5164d31
--- /dev/null
+++ b/actions/mitre/integrityProtection.yaml
@@ -0,0 +1,9 @@
+title: networkTraffic
+description: Malware uses DNS as a transport to communicate with the command-and-control servers [infloBlox]. Hence the packets contents need to be checked for data exfiltration. Basic checks can be implemented by the security engines on the DNS packets
+severity: high
+tags: [5gcore, edge, mitre]
+references:
+ - name: mitre
+ url: https://fight.mitre.org/data%20sources/DS0029
+ - name: infoBlox
+ url: https://www.infoblox.com/dns-security-resource-center/dns-security-faq/what-is-dns-protection/
diff --git a/res/actionTemplate.yaml b/res/actionTemplate.yaml
new file mode 100644
index 0000000..c993cee
--- /dev/null
+++ b/res/actionTemplate.yaml
@@ -0,0 +1,9 @@
+title: xxx
+description:
+severity: high
+tags: [5gcore, edge, accuknox]
+references:
+ - name:
+ url:
+ - name:
+ url:
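Review bot: In actions/mitre/integrityProtection.yaml the file name and the content disagree: the `title` is `networkTraffic`, and the description and both references are about inspecting DNS packets for exfiltration, not about integrity protection. This looks like the body of a network-traffic action saved under the wrong name, so anyone looking up the integrity-protection control by file name would get DNS-monitoring guidance instead; either rename the file or replace the body. The inline citation `[infloBlox]` also does not match the reference entry `name: infoBlox`, so I would correct it to `[infoBlox]`. The description ends without naming a concrete check, which makes a `severity: high` action hard to act on or audit.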
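Review bot: In res/actionTemplate.yaml the keys `description:`, `name:` and `url:` are left bare, which YAML loads as null rather than as an empty string, so an action copied from the template and only partly filled in still parses and carries null fields forward. I would use explicit placeholders such as `description: ''` and `url: ''`, or a marker value that a validator can reject. The template also pre-fills `severity: high`, which every copied action inherits unless the author changes it; a comment line listing the allowed severities and tag values would make that choice deliberate. Whether the consumer validates these fields is not visible in this diff.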