Creating Custom Attributes

Last Updated: Nov 01, 2018 06:17PM EDT
Organization Administrator
None

Overview

Attributes are a very powerful way to enrich data in ThreatConnect®. The following types of data can have custom Attributes added to them:

Indicators

  • Address (IP)
  • ASN
  • CIDR
  • E-mail Address
  • File
  • Host
  • Mutex
  • Registry Key
  • URL
  • User Agent

Groups

  • Adversary
  • Campaign
  • Document
  • Email
  • Event
  • Incident
  • Intrusion Set
  • Report
  • Signature
  • Task
  • Threat

Other

  • Victim

NOTE: Only an Organization Administrator can create and edit custom Attributes.

Steps

  1. On the top navigation bar (Figure 1), place the cursor over the Settings icon and select ORG CONFIG from the dropdown menu (Figure 2).
  2. The Organization Config screen will appear (Figure 3).
  3. Click the + NEW button, and the Configure Attribute Type screen will appear (Figure 4).
    • Name: Click in the box to enter the name of the custom Attribute as it will appear on menus and on the Details screen for Indicators and Groups.
    • Max Length: Click in the box (or use the plus and minus symbols) to enter the maximum size, in characters, of the custom Attribute, if applicable, based on the Attribute’s assigned Validation Rule.
    • Description: Click in the box to enter a description of the custom Attribute as seen by users when inputting a value for the Attribute or when viewing it from the Details screen.
    • Error Message: Click in the box to enter the message presented to users who try to input a value that does not meet the custom Attribute’s Validation Rules.
    • Validation Rule: Click on the dropdown menu to select the schema that determines whether a user’s input is valid when logging an Attribute for an Indicator or Group. ThreatConnect is preloaded with a variety of Validation Rules, such as Boolean, Country, and Date. System, Community, and Organization Administrators are able to define their own Attribute Validation Rules as needed.
    • Allow Markdown: Click this checkbox to allow the Markdown language to be used when configuring an Attribute. (See Creating Attributes for more information.)
    • Mapping: Click the checkboxes to specify the types of Indicators or Groups to which the Attribute can apply. For example, it may make sense to track a "work-hours" Attribute against an Incident or File, but not against a URL.
  4. Click the SAVE button to create the custom Attribute.

20029-06 EN Rev. D

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us



https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete