The Description Attribute

Last Updated: Nov 01, 2018 01:08PM EDT


The Description Attribute, found on every Indicator, Group, Tag, Track, Victim, and Victim Asset in ThreatConnect®, is a space for the analyst to provide a brief, high-level explanation of the nature of the content. This information is useful for future reference and to enable team members to quickly comprehend the meaning of the threat intelligence that they are seeing.


  1. From the top navigation bar (Figure 1), hover the cursor over BROWSE and then over the INDICATORS, GROUPS, TAGS, or VICTIMS option. Click on one of the objects (HOST Indicator in this example) to display a results table (Figure 2).
  2. Click on one of the entries, and the Details flyout for that entry will appear (Figure 3).
  3. Click the Details icon at the top right corner of the flyout, and the Overview tab of the Details screen will appear (Figure 4). Scroll down until the Description card appears on the left. Alternatively, hover over the object's entry in the table in Figure 2 and click on the Details icon that appears on the right side of its Summary cell to go straight to the Overview tab of the Details screen.
  4. Figure 5 is an example of a Description for an Indicator involving VPNs (Virtual Private Networks). This Description provides pertinent threat intelligence to the user analyzing the incident. The goal of a good description is to provide information on who, when, where, how, and why in a succinct manner. When possible, always answer these questions in the Description card, and reserve in-depth analysis for the "Additional Analysis and Context" Attribute. See Creating Attributes for more information.
  5. To enter a new Description, click on the Click here to add one. text in the Description card (Figure 6).
  6. The Edit Attribute window will appear (Figure 7).
    • Attribute Type: Select Description from the dropdown menu at the top of the screen.
    • Default: Check this box to set this Description as the default in the event that there are other Descriptions for the object from other sources.
    • Choose Security Labels: Choose a Security Label for the Description.
    • Attribute Source: Choose an existing Attribute Source from the dropdown menu or enter a new one.
    • Save Source: Click this checkbox to save the Source so it will appear in the Attribute Source drop-down menu in the future for objects belonging to the same Owner.
    • Text Box: Click inside the text box to enter the Description, either in plain text or in Markdown. (See the "Using Markdown with an Attribute" section in Creating Attributes.)
  7. Click the SAVE button.
  8. The Attribute will appear in the Description card (Figure 8) and the Attributes card (Figure 9).
  9. To edit the Description, click the pencil icon  for the Description in the Attributes card. To delete it, click the trash  icon. Changes made to the Description in the Attributes card will be applied to both cards.

20025-07 EN Rev. C

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found