The Cross-Intel Sharing app allows ThreatConnect® users to share packaged intelligence in the form of Group data objects with users on other instances of the platform. A Group that is being shared must first be published by a Community Director in the sending instance as a JSON file. See The Publish Feature for more details. The Cross-Intel Sharing app must then be installed and configured by an Organization Administrator in the receiving instance, as detailed in this article.
- On the top navigation bar (Figure 1), hover the cursor over the Settings icon and select ORG SETTINGS from the dropdown menu (Figure 2).
- The Organization Settings screen will appear (Figure 3).
- Click the Apps tab, and the Apps screen will appear in Jobs view (Figure 4).
- Click the Plus button at the top right corner, and the Add Job window will appear with the Program screen selected (Figure 5).
- Enter a Job Name, choose ThreatConnect Cross Intel Sharing from the Run Program dropdown menu, and then click the NEXT button. The Parameters screen will appear (Figure 6).
- Api User: Choose the API user from the dropdown menu.
- Target Owner: Use the dropdown menu to select the name of the Organization, Community, or Source that will contain the data in the receiving instance.
NOTE: Do not select a Target Owner that receives data by any other means. Other data brought into that Owner will be overwritten by the data pulled in through the Cross-Intel Sharing app.
- Source ThreatConnect API URL: Enter the API URL for the ThreatConnect instance from which the data are being sourced.
- Source ThreatConnect Organization Id: Enter the name of the Organization from which the data are being sourced.
- Source ThreatConnect API Access ID: Enter the API Access ID for the ThreatConnect instance from which the data are being sourced.
- Source ThreatConnect API Secret Key: Enter the API Secret Key for the ThreatConnect instance from which the data are being sourced.
- Logging level: Select a logging level from the dropdown menu. WARN is the recommended choice.
- Click the NEXT button, and the Schedule screen will appear (Figure 7).
NOTE: Once data objects have been shared to an instance, they cannot be “unshared.”
NOTE: Changes that are made to a Group after it has been published will not be reflected in the JSON file. The Group will need to be published again in order to capture any changes that occur after its publication. Once the Group has been published again, the Job for the Cross-Intel Sharing app will share the new JSON file during its next scheduled run.