Associations Overview
  • 15 May 2023
  • 1 Minute to read
  • Dark
    Light

Associations Overview

  • Dark
    Light

Article Summary

An association is one of the most powerful features in ThreatConnect®. Associating Indicators with Groups empowers an analyst to pivot to any related Group, such as Adversaries, Documents, Threats, etc. You can also create associations between Indicators via custom associations, and you can associate two Groups of any type to each other. If cross-owner associations are enabled on your ThreatConnect instance, you can create associations between threat intelligence objects in your Organization and those in your Communities and Sources, allowing greater visualization and insight into all of the data to which you have access.

Indicators and Groups can also be associated to Workflow Cases and Artifacts in Workflow Cases. Creating these associations is one of the main ways to connect information gathered within a Workflow Case with threat intelligence in your Organization, Communities, and Sources.

You can view and create associations on the Associations tab of the Details screen and the Associations card on the legacy Details screen. You can also use Threat Graph to discover, visualize, and explore associations in a graph-based interface.

Note
If cross-owner associations are disabled after being enabled previously, users can still view and remove cross-owner associations created while this feature was enabled. However, they will not be able to create new cross-owner associations.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for viewing associations in your Organization)
  • Community role of User (for viewing associations in a Community or Source)
    Note
    To view cross-owner associations, you must have an owner role with at least viewing permissions in both owners.
  • Organization role of Standard User (for creating and modifying associations)
  • Community role of Editor (for creating and modifying associations in a Community or Source)
    Note
    To create and modify cross-owner associations, you must have an owner role with editing permissions one of the owners and an owner role with at least viewing permissions in the other.
  • Users with an Organization role of App Developer cannot view associated and potentially associated Cases and Artifacts, because they do not have access to Workflow
PrerequisitesCross-owner associations enabled by a System Administrator (for creating associations between Groups and Indicators in your Organization and Groups and Indicators in Communities and Sources to which you have access)

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20076-01 v.09.C


Was this article helpful?