Accessing an Object’s Graph

Indicators and Groups

To access the graph for an Indicator or Group, click the Explore In Graph button displayed on the object’s Details drawer or Details screen. The object’s graph will open in a new browser tab (Figure 1).

When you first open an Indicator’s or Group’s graph, an origin node representing the object and a node label containing its summary will be displayed in the middle of the graph. For Indicators, the node’s shape is a circle; for Groups, the node’s shape is an octagon.

Note

A node’s icon corresponds to the type of Indicator or Group the node represents. To view a legend that defines the Indicator or Group type associated with each icon, click the icon at the lower-left corner of the screen.

Clicking on an Indicator or Group node will display a contextual menu with the following options: Pivot in ThreatConnect, Pivot with CAL, and View Details. If a Group node represents an Adversary, Intrusion Set, Malware, Threat, or Tool Group and information for that Group exists in ThreatConnect’s Collective Analytics Layer (CAL™), two additional menu options will be displayed: CAL Alias Information and Combine Group Nodes by Alias. If an Indicator node represents an Indicator type for which an enrichment service has been enabled, an additional menu option will be displayed: Enrich.

Cases

To access the graph screen for a Case, navigate to the Cases screen, select a Case to view, and click the Explore In Graph button at the upper-right corner of the Case. The Case’s graph will open in a new tab (Figure 2).

When you first open a Case’s graph, an origin node representing the Case and a node label containing its name will be displayed in the middle of the graph. For Cases, the node’s shape is a diamond.

Clicking on a Case node will display a contextual menu with the following options: Pivot in ThreatConnect and View Details.

ThreatConnect^® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.

20117-03 v.05.C