Define marking definitions

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Define marking definitions that represent a specific data marking.

    Before you begin

    Role required: sn_ti.admin

    Procedure

    1. Navigate to All > Threat Intelligence > IoC Repository > Marking Definitions.
    2. Click New.
    3. Complete the fields in the form as appropriate.
      FieldDescription
      Definition Specify the marking object (example, TLP) or some other marking definition that has been defined.
      Definition Type Identifies the type of marking definition - statement or TLP (Traffic Light Protocol).
      Source Specifies the threat source from which this record is created.
      Source ID Unique identifier for this object in the threat source.
      Created Time in Source Specifies the time the object is created in the source.
      Modified Time in Source Specifies the time the object is modified in the source.
    4. Click Submit.

    What to do next

    Click any of the following related lists to view additional information about objects associated with the marking definition.

    Related Links and Related Lists Description
    Show Relationships Opens the STIX Visualizer where you can view the relationship of the STIX object.

    Show Relationships appears only when the object has an associated object.
    Marked Objects Lists of objects marked with the marking definition.
    Marked Indicators Lists of indicators marked with the marking definition.