What is security tags in Secops any examples to understand it

Go to solution
Satya24
Mega Contributor

‎03-01-2020 09:55 AM

Hi folks,

What's is security tags in Secops how it's helpful any use cases or examples

Will be appreciated thank you request your help for same 

 

Regards satya 

Labels:
0 Helpfuls
  • 2,491 Views
1 ACCEPTED SOLUTION

Go to solution
_willians
ServiceNow Employee
ServiceNow Employee

‎03-01-2020 10:04 AM

Security Tags are used to define the publicity of this content and very common on CSIRTs.

Traffic Light Protocol: This group is used to ensure that sensitive information is shared with the correct audience. It employs four colors (White, Green, Amber, and Red) to indicate different degrees of sensitivity. For each color, you can assign the appropriate read/write access roles. When sharing observables to a trusted security circle, the tag assigned to the trusted security circle profile determines which TLP-tagged observables can be shared to the circle, as follows:

  • TLP: WHITE: Only observables with TLP: WHITE can be shared to a TLP: WHITE profile.
  • TLP: GREEN: Observables with TLP: GREEN and TLP: WHITE can be shared to a TLP: GREEN profile.
  • TLP: AMBER: Observables with TLP: AMBER, TLP: GREEN, and TLP: WHITE can be shared to a TLP: AMBER profile.
  • TLP: RED: All observables, regardless of their TLP tag, can be shared with a TLP: RED profile since TLP: RED is the highest ranked TLP tag.

Please take a look at the definition at FIRST.org --> https://www.first.org/tlp/

I hope it helps.

View solution in original post

0 Helpfuls
1 REPLY 1

Go to solution
_willians
ServiceNow Employee
ServiceNow Employee

‎03-01-2020 10:04 AM

Security Tags are used to define the publicity of this content and very common on CSIRTs.

Traffic Light Protocol: This group is used to ensure that sensitive information is shared with the correct audience. It employs four colors (White, Green, Amber, and Red) to indicate different degrees of sensitivity. For each color, you can assign the appropriate read/write access roles. When sharing observables to a trusted security circle, the tag assigned to the trusted security circle profile determines which TLP-tagged observables can be shared to the circle, as follows:

  • TLP: WHITE: Only observables with TLP: WHITE can be shared to a TLP: WHITE profile.
  • TLP: GREEN: Observables with TLP: GREEN and TLP: WHITE can be shared to a TLP: GREEN profile.
  • TLP: AMBER: Observables with TLP: AMBER, TLP: GREEN, and TLP: WHITE can be shared to a TLP: AMBER profile.
  • TLP: RED: All observables, regardless of their TLP tag, can be shared with a TLP: RED profile since TLP: RED is the highest ranked TLP tag.

Please take a look at the definition at FIRST.org --> https://www.first.org/tlp/

I hope it helps.

0 Helpfuls