The Cross-Intel Sharing App: Sharing Data Across ThreatConnect Instances

Last Updated: Dec 27, 2018 10:42AM EST
Organization Administrator
A Group that has been published; API account


The Cross-Intel Sharing app allows ThreatConnect® users to share packaged intelligence in the form of Group data objects with users on other instances of the platform. A Group that is being shared must first be published by a Community Director in the sending instance as a JSON file. See The Publish Feature for more details. The Cross-Intel Sharing app must then be installed and configured by an Organization Administrator in the receiving instance, as detailed in this article.


  1. On the top navigation bar (Figure 1), hover the cursor over the Settings icon and select ORG SETTINGS from the dropdown menu (Figure 2).
  2. The Organization Settings screen will appear (Figure 3).
  3. Click the Apps tab, and the Apps screen will appear in Jobs view (Figure 4).
  4. Click the Plus button at the top right corner, and the Add Job window will appear with the Program screen selected (Figure 5).
  5. Enter a Job Name, choose ThreatConnect Cross Intel Sharing from the Run Program dropdown menu, and then click the NEXT button. The Parameters screen will appear (Figure 6).
    • Api User: Choose the API user from the dropdown menu.
    • Target Owner: Use the dropdown menu to select the name of the Organization, Community, or Source that will contain the data in the receiving instance.
      NOTE: Do not select a Target Owner that receives data by any other means. Other data brought into that Owner will be overwritten by the data pulled in through the Cross-Intel Sharing app.
    • Source ThreatConnect API URL: Enter the API URL for the ThreatConnect instance from which the data are being sourced.
    • Source ThreatConnect Organization Id: Enter the name of the Organization from which the data are being sourced.
    • Source ThreatConnect API Access ID: Enter the API Access ID for the ThreatConnect instance from which the data are being sourced.
    • Source ThreatConnect API Secret Key: Enter the API Secret Key for the ThreatConnect instance from which the data are being sourced.
    • Logging level: Select a logging level from the dropdown menu. WARN is the recommended choice.
    • Click the NEXT button, and the Schedule screen will appear (Figure 7).
  6. Use the Schedule dropdown menu to select whether the Job for this app will run daily, weekly, or monthly. Then set the run time or frequency. Click the NEXT button, and the Output screen will appear (Figure 8).
  7. Click the Enable Notifications checkbox to enable notifications about the Job. Enter the Email Address to which notifications should go, select which Notify on Job Result option(s) should result in a notification, and click the Include Log Files checkbox to include log files in the notifications.
  8. Click the SAVE button. The shared data will be available for viewing on the Browse screen in the target Organization in the receiving instance.

    NOTE: Once data objects have been shared to an instance, they cannot be “unshared.”

    NOTE: Changes that are made to a Group after it has been published will not be reflected in the JSON file. The Group will need to be published again in order to capture any changes that occur after its publication. Once the Group has been published again, the Job for the Cross-Intel Sharing app will share the new JSON file during its next scheduled run.

20061-01 EN Rev. I

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found