I'm trying to express a situation like this:
An attacker breaks into a server [threat scenario], gaining access to it [direct asset], which leads to malicious code modification [secondary threat scenario], which leads to loss of functionality [incident], which impacts availability [indirect asset].
However, there doesn't seem to be a way to connect threat scenarios together, or connect them via an asset. Am I missing something? Am I thinking of this wrong?
I could express the code modification as an incident; however, it's actively and directly caused by a human threat, so it still looks like a threat scenario to me.