Accessing an Object’s Graph
  • 17 Nov 2022
  • 1 Minute to read
  • Dark
    Light

Accessing an Object’s Graph

  • Dark
    Light

Indicators and Groups

To access the graph for an Indicator or Group, click the Explore In Graph button displayed on the object’s Details drawer or Details screen. The object’s graph will open in a new browser tab (Figure 1).

A screenshot of a computer  Description automatically generated

 

When you first open an Indicator’s or Group’s graph, an origin node representing the object and a node label containing its summary will be displayed in the middle of the graph. For Indicators, the node’s shape is a circle; for Groups, the node’s shape is an octagon.

Note
A node’s icon corresponds to the type of Indicator or Group the node represents. To view a legend that defines the Indicator or Group type associated with each icon, click theA picture containing wrench, tool  Description automatically generated icon at the lower-left corner of the screen.

Clicking on an Indicator or Group node will display a contextual menu with the following options: Pivot in ThreatConnect, Pivot with CAL, and View Details. If a Group node represents an Adversary, Intrusion Set, Malware, Threat, or Tool Group and information for that Group exists in ThreatConnect’s Collective Analytics Layer (CAL™), two additional menu options will be displayed: CAL Alias Information and Combine Group Nodes by Alias.

Important
If CAL is not enabled on your ThreatConnect instance or for your Organization, the Pivot with CAL option will not be displayed for Indicators and Groups, and the CAL Alias Information and Combine Group Nodes by Alias options will not be displayed for Adversary, Intrusion Set, Malware, Threat, and Tool Groups on which CAL has information.
Important
The Pivot with CAL option will not be displayed for File Indicators, as CAL does not have information on Indicator-to-Indicator associations for Files at this time, or private Indicators.

Cases

To access the graph screen for a Case, navigate to the Cases screen, select a Case to view, and click the Explore In Graph button at the upper-right corner of the Case. The Case’s graph will open in a new tab (Figure 2).

Accessing an Objects Graph_Figure 2

 

When you first open a Case’s graph, an origin node representing the Case and a node label containing its name will be displayed in the middle of the graph. For Cases, the node’s shape is a diamond.

Clicking on a Case node will display a contextual menu with the following options: Pivot in ThreatConnect and View Details.


ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.

20117-03 v.05.B


Was this article helpful?