In the modern software ecosystem, various external solutions and subsystems are interconnected, leading to a complex web of threats within the software supply chain. Software supply chain attacks exploit vulnerabilities within the supply chain, resulting in consequences such as data breaches, integrity breaches, and the distribution of malicious software. These attacks have emerged as a significant threat in the industry. It is impractical for organizations and companies to solely rely on software with complete autonomy concerning external programs, solutions, and environments to operate their systems. As these attacks predominantly manifest in the form of Advanced Persistent Threats (APTs), completely preventing software supply chain attacks at their source is unrealistic. Instead, swift incident detection and root cause identification are essential for mitigating further damage. This study references the MITRE ATT&CK framework and analyzes recent cases of supply chain attacks over the past decade to present a practical logging model that can accurately analyze and address threat factors in software supply chain attacks. It is anticipated that this contribution will aid in establishing a secure digital environment for enterprises and organizations.