Define a geographic location to provide more context to other SDOs.

Before you begin

Role required: sn_ti.admin

Procedure

  1. Navigate to All > Threat Intelligence > IoC Repository > Locations.
  2. Click New.
  3. Complete the fields in the form as appropriate.
    FieldDescription
    Name Enter a descriptive name to identify the location.
    Street Address The street address that this location describes. This property includes all aspects or parts of the street address.
    City The city that this location is in.
    Postal Code The postal code that this location is in.
    Region The region that this location is in.
    Country The country that this location is in.
    Latitude The latitude of the Location in decimal degrees. Positive numbers describe latitudes north of the equator, and negative numbers describe latitudes south of the equator.

    The value of this property must be from -90.0 through 90.0 respectively.
    Longitude The longitude of the location in decimal degrees. Positive numbers describe longitudes east of the prime meridian and negative numbers describe longitudes west of the prime meridian.

    The value of this property must be from -180.0 through 180.0, inclusive.
    Source Specifies the threat source from which this record is created.
    Description A description that provides more details and context about the intrusion set, potentially including its purpose and its key characteristics.
    Source ID Unique identifier for this object in the threat source.
    Created Time in Source Specifies the time the object is created in the source.
    Modified Time in Source Specifies the time the object is modified in the source.
  4. Click Submit.

What to do next

Click any of the following related lists to view additional information about objects associated with the location.
Related Links and Related ListsDescription
Show Relationships Opens the STIX Visualizer where you can view the relationship of the STIX object.

Show Relationships appears only when the object has an associated object.
External References Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers.
Attack Patterns Lists the attack patterns that help categorize attacks that are associated with this object.
Campaigns Lists campaigns associated with this object.
Identities List of identities associated with this object.
Infrastructure Lists systems, software services, and any associated physical or virtual resources that are associated with this object.
Intrusion Set Lists a set of adversarial behaviors and resources with common properties associated with this object.
Malware Lists malicious code associated with this object.
Threat Actors Lists individuals, groups, or organizations who act with malicious intent associated with this object.
Tools Lists legitimate software that is used by threat actors to perform attacks associated with this object.