Threat Intelligence administration

The Threat Intelligence base system is ready to use upon activation. You can add records to certain modules in the Administration application menu, but most are already populated with industry-standard information.

The following applications are available under the Administration module of the Threat Intelligence navigation bar:
Table 1. Threat Intelligence administration applications
Application Description
Properties Threat Intelligence properties allow you to control how different aspects of the system function, including the setting of API keys.
Attack Mechanism This module organizes attack patterns hierarchically, based on mechanisms that are frequently employed when exploiting a vulnerability.
Discovery Method This module describes how security incidents are discovered.
Feeds The Threat feeds feature allows you to define any RSS news feed or bulletins to be displayed in a scrolling feed in the Threat Intelligence Overview module.
Indicator Types This module is used to characterize cyber threat indicators made up of patterns that identify certain observable conditions, as well as contextual information about the meaning of the patterns, and how and when they should be acted upon.
Intended Effect This application is used for expressing the intended effect of a threat actor.
Notifications This module is used for creating email notifications. This involves specifying when they should be sent, who receives them, and what they contain.
Observable Types This module lists the possible classifications of an observable, such as an IP address or file hash.
Threat Actor Type This module characterizes malicious actors (or adversaries) representing a cyber attack threat, including presumed intent and historically observed behavior.