Best Practices: Tags

Last Updated: Mar 11, 2019 11:01AM EDT


Tags are a very powerful feature of ThreatConnect®. Tagging adds metadata, or keywords, to intelligence data and provides a way to quickly identify or follow associated activities of a particular interest across ThreatConnect. Each Organization will have different concerns and, therefore, different uses for Tags, and each should come up with its own tagging policy. By writing and following a tagging policy, it will be possible for an Organization to achieve greater efficiency and cohesion. Once an Organization has a tagging policy in place, it can begin applying Tags. (See Applying Tags.) Following are some best practices that will provide a solid base for this policy.

Best Practices

  • Create well-thought-out Tags and ones that meet an agreed-upon Organization standard.
  • Assign descriptive Attributes to all Tags, unless the Tags are self-explanatory. Create Attributes that are clear and concise, with no grammatical or spelling errors.
  • Review all Tags to ensure uniqueness.
    • The Organization's tagging policy should define when the use of acronyms is allowed (e.g., APT vs. Advanced Persistent Threat).
    • Be careful of words that have common acronyms.
  • Capitalize all Tags that are acronyms (e.g., "APT" instead of "apt").
  • Create all Tags with the proper case (e.g., "Trojan RAT" instead of "trojan rat").
  • Transfer the correct Tags into their respective communities if they have been shared.
  • If analysis or context changes, update Tags to reflect the changes. Maintenance of Tags is key to keeping data accurate and relevant.

20002-02 EN Rev. B

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found