Create

Last Updated: Oct 29, 2018 02:57PM EDT
User; Organization Administrator to enable Tracks
None

Overview

Data can be added to ThreatConnect® in numerous ways. The quickest method is to create a single Indicator, Group, Track, or Victim via the CREATE option on the top navigation bar.

Creating an Indicator

  1. From the top navigation bar (Figure 1), place the cursor over CREATE and then over the INDICATOR option. Click on an object (ADDRESS Indicator in this example), and the Create window for that object type will appear (Figure 2).
  2. Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
  3. Fill out the displayed fields and click the SAVE button.
  4. Follow Steps 2 and 3 for any other Indicator, as illustrated by Steps 5–13.
  5. Email Address (Figure 3)
  6. File (Figure 4)
  7. Host (Figure 5)
  8. URL (Figure 6)
  9. Autonomous System Number (ASN) (Figure 7)
  10. CIDR (Figure 8)
  11. Mutex (Figure 9)
  12. Registry Key (Figure 10)
  13. User Agent (Figure 11)

Creating a Group

  1. From the top navigation bar (Figure 1), place the cursor over CREATE and then over the GROUP option. Click on an object (ADVERSARY Group in this example), and the Create screen will appear. The Create screen for Groups contains three parts: a Details section where basic information about the Group is entered (Figure 12); an optional Associations section where Indicators of relevant types can be uploaded and associated with the Group and details (i.e., Description, Tags, Threat Rating, and Confidence Rating) about the Association can be provided (Figure 13); and an optional Attachments section where related files can be attached (Figure 14).
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13).
    • Indicator Type: Choose the Indicator Type from the dropdown menu, which contains the following options: Unknown - (parsed), File, Mutex, Registry Key, and User Agent. Parsable types include Address, E-mail Address, Host, URL, ASN, and CIDR. Once a selection is made, the Indicator Type section will change to provide appropriate means for entering associated Indicators of the given type.
    • Associations: This section displays the associated Indicators entered in the Indicator Type section.
    • Association Details: This section lists the Group Description and Tags provided in the Details section (Figure 12) if the Apply Description to Associations and Apply Tags to Associations checkboxes were selected, respectively.
    • Threat Rating: Use the skull icons to set the Threat Rating for the Association.
    • Confidence Rating: Use the slider to set the Confidence Rating for the Association.
    • Click the NEXT button to go to the Attachments section (Figure 14).
    • Upload any attachments for the Group.
    • Click the SAVE button to save the Group and view its Details screen.
  2. Follow Step 1 for any other Group, as illustrated by Steps 3–10. Note that the Associations screen (Figure 13) and Attachments screen (Figure 14) are the same for all Groups, except that the type of Group and Group icon in the upper left corner of the screen change depending on which Group is being created.
  3. Campaign (Figure 15)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • First Seen: Enter the date on which this Campaign was first observed.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  4. Document (Figure 16)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Upload Document: Use this section to upload the Document. Note that once the Document has been uploaded, the filename will appear underneath the orange malware warning, along with a checkbox labeled Add to Malware Vault. Leave the box unchecked unless you are uploading a malware file. (See Uploading Malware for further information.)
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  5. Event (Figure 17)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Status: Choose the current status of the Event from the dropdown menu.
    • Event Date: Enter the date on which the Event occurred.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  6. Incident (Figure 18)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Status: Choose the current status of the Incident from the dropdown menu.
    • Event Date: Enter the date on which the Incident occurred.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  7. Intrusion Set (Figure 19)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  8. Report (Figure 20)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Upload Document: Use this section to upload the Report. Once the Report has been uploaded, the filename will appear underneath the orange warning box.
    • Publish Date: Enter the date on which the Report was published.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  9. Task (Figure 21)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Status: Choose the current status of the Task from the dropdown menu.
    • Reminder Date: Use the pop-up calendar to choose a date on which a reminder about the Task will be sent.
    • Assign To: Use the dropdown menu to choose one or more people to whom the task is to be assigned.
    • Due Date: Use the pop-up calendar to choose a due date for the task.
    • Escalation Date: Use the pop-up calendar to choose an escalation date, if desired.
    • Escalate To: Use the dropdown menu to choose one or more people to whom the task is to be escalated. If the Escalation Date is reached and the Task has not been completed, the system will assign the Task to another (perhaps more senior) individual.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Follow: Check this box to follow the Task (i.e., receive notifications about changes and updates). Then select a Notification Level from the dropdown menu that appears. For more information about the Follow feature and notification levels, see Notifications and Following.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
  10. Threat (Figure 22)
    • Type: The Type dropdown menu can be used to select a different Group type if desired. If a new Group type is selected, the Details section will automatically change to the section for that type.
    • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
    • Summary: Use this section to provide a name for the Group.
    • Description: Provide a general description of the Group, such as the types of actors it comprises; tactics, techniques, and procedures (TTPs); etc.
    • Apply Description to Associations: Check this box to apply the Description to the Group’s Associations.
    • Tags: Enter Tags for the Group.
    • Apply Tags to Associations: Check this box to apply the Tags to the Group’s Associations.
    • Click the NEXT button to go to the Associations section (Figure 13) and then to the Attachments section (Figure 14).
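
The Indicator Type dropdown in the Associations section distinguishes parsable types (Address, E-mail Address, Host, URL, ASN, and CIDR) from types that must be selected explicitly. The following Python code is an added example, not ThreatConnect code and not a description of its parser: it pre-sorts a pasted indicator list into those parsable types so that anything left as Unknown can be reviewed and entered under File, Mutex, Registry Key, or User Agent. The regular expressions, the refang step, the normalized ASN form, and all function names are assumptions of this example.

```python
import ipaddress
import re

# Patterns are this example's assumptions, not ThreatConnect's parsing rules.
ASN_RE = re.compile(r"^ASN?\s?(\d{1,10})$", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
URL_RE = re.compile(r"^(https?|ftp)://[^\s/]+", re.IGNORECASE)
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

# Constructed sample input (documentation ranges and reserved names only).
SAMPLE = ["198.51.100.23", "198.51.100.7/24", "hxxp://files.example[.]com/a.bin",
          "mail.example[.]org", "billing@example.net", "AS64500",
          r"Global\ExampleMutex"]

def refang(value):
    """Undo common analyst defanging: hxxp://, [.] and [@]."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("[@]", "@")

def classify(raw):
    """Return (indicator_type, normalized_value) for one pasted line."""
    value = refang(raw)
    try:
        if "/" in value and "://" not in value:
            # strict=False clears host bits: 198.51.100.7/24 -> 198.51.100.0/24
            return "CIDR", str(ipaddress.ip_network(value, strict=False))
        return "Address", str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP or network; fall through to the other types
    match = ASN_RE.match(value)
    if match:
        return "ASN", "ASN" + match.group(1)  # normalized form chosen by this example
    if EMAIL_RE.match(value):
        return "E-mail Address", value.lower()
    if URL_RE.match(value):
        return "URL", value
    if HOST_RE.match(value):
        return "Host", value.lower()
    return "Unknown", value  # e.g. Mutex or Registry Key: pick the type by hand

def group_by_type(lines):
    """Bucket pasted lines by type so each bucket goes under one Indicator Type."""
    buckets = {}
    for line in filter(str.strip, lines):
        kind, value = classify(line)
        buckets.setdefault(kind, []).append(value)
    return buckets

if __name__ == "__main__":
    for kind, values in group_by_type(SAMPLE).items():
        print(f"{kind}: {values}")
```
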

Creating a Track

Before a user can create a Track, an Organization Administrator must enable DomainTools Reverse Whois Tracking:

  1. From the top navigation bar (Figure 1), hover the cursor over the Settings icon and select ORG SETTINGS from the dropdown menu (Figure 23).
  2. The Organization Settings screen will appear (Figure 24).
  3. Click the Settings tab, and the Settings screen will appear (Figure 25).
  4. Click the ENABLE button under the Reverse Whois section on the top right, and the Setup DomainTools window will appear (Figure 26).
  5. Enter the User Name and API Key, and then click the SAVE button.

NOTE: The number of Tracks a user can create is determined by the user’s agreement with DomainTools.

To create a Track, from the top navigation bar (Figure 1), place the cursor over CREATE and then over the TRACK option. The Create Reverse Whois Track window will appear (Figure 27).

  • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
  • Name: Enter a name for the Track.
  • Contains/Does Not Contain: Enter terms that the Track should and should not contain.
  • TEST: Use the TEST button to test the Track.
  • Click the SAVE button to save the Track.

Creating a Victim

From the top navigation bar (Figure 1), place the cursor over CREATE and then over the VICTIM option. The Create Victim window will appear (Figure 28).

  • Owner: Select the object’s Owner. The selected Owner determines the Organization, Community, or Source that will own the created data.
  • Name: Enter a name for the Victim.
  • Victim Organization: Enter the name of the Victim Organization.
  • Click the SAVE button to save the Victim.

20003-08 EN Rev. B
