Threat Intelligence administration
The Threat Intelligence base system is ready to use on activation. You can add records to certain modules in the Administration application menu, but most are already populated with industry-standard information.
The following applications are available under the Administration
module of the Threat Intelligence
navigation bar:
| Application | Description |
|---|---|
| Properties | Threat Intelligence properties allow you to control how different aspects of the system function, including the setting of API keys. |
| Attack Mechanisms | This module organizes attack patterns hierarchically, based on mechanisms that are frequently employed when exploiting a vulnerability. |
| Attack Motivations | This module lists the possible attack motivations that shape intensity of an attack by a threat actor or intrusion set. |
| Discovery Methods | This module describes how security incidents are discovered. |
| Feeds | This feature has been deprecated. |
| Indicator Types | This module is used to characterize cyber threat indicators made up of patterns that identify certain observable conditions, as well as contextual information about the meaning of the patterns, and how and when they are acted on. |
| Infrastructure Types | This module lists the possible classifications of infrastructure. |
| Intended Effects | This application is used for expressing the intended effect of a threat actor. |
| Malware Capabilities | This module lists the possible capabilities of malware. |
| Malware Types | This module lists the possible classifications of malware. |
| Notifications | This module is used for creating email notifications. This involves specifying when they are sent, who receives them, and what they contain. |
| Observable Types | This module lists the possible classifications of an observable, such as an IP address or file hash. |
| Report Types | This module lists the possible classifications of threat reports. |
| Threat Actor Roles | This module lists the roles the threat actors play. |
| Threat Actor Types | This module characterizes malicious actors (or adversaries) representing a cyber attack threat, including presumed intent and historically observed behavior. |
| Threat Lookup Finding Calculators | This module calculates the findings based on the responses received. For third-party integrations that provide the computed results, the threat lookup finding calculator maps the results to supported findings in the system. For more information, see Threat Lookup Finding Calculators. |
| Tool Types | This module lists the possible classification of tools. |