Associations Overview

Updated on 15 May 2023
1 Minute to read

Print
Dark

Light

Article Summary

An association is one of the most powerful features in ThreatConnect^®. Associating Indicators with Groups empowers an analyst to pivot to any related Group, such as Adversaries, Documents, Threats, etc. You can also create associations between Indicators via custom associations, and you can associate two Groups of any type to each other. If cross-owner associations are enabled on your ThreatConnect instance, you can create associations between threat intelligence objects in your Organization and those in your Communities and Sources, allowing greater visualization and insight into all of the data to which you have access.

Indicators and Groups can also be associated to Workflow Cases and Artifacts in Workflow Cases. Creating these associations is one of the main ways to connect information gathered within a Workflow Case with threat intelligence in your Organization, Communities, and Sources.

You can view and create associations on the Associations tab of the Details screen and the Associations card on the legacy Details screen . You can also use Threat Graph to discover, visualize, and explore associations in a graph-based interface.

Note

If cross-owner associations are disabled after being enabled previously, users can still view and remove cross-owner associations created while this feature was enabled. However, they will not be able to create new cross-owner associations.

Before You Start

Minimum Role(s)	Organization role of Read Only User (for viewing associations in your Organization) Community role of User (for viewing associations in a Community or Source) Note To view cross-owner associations, you must have an owner role with at least viewing permissions in both owners. Organization role of Standard User (for creating and modifying associations) Community role of Editor (for creating and modifying associations in a Community or Source) Note To create and modify cross-owner associations, you must have an owner role with editing permissions one of the owners and an owner role with at least viewing permissions in the other. Users with an Organization role of App Developer cannot view associated and potentially associated Cases and Artifacts, because they do not have access to Workflow
Prerequisites	Cross-owner associations enabled by a System Administrator (for creating associations between Groups and Indicators in your Organization and Groups and Indicators in Communities and Sources to which you have access)

Minimum Role(s)

Organization role of Read Only User (for viewing associations in your Organization)
Community role of User (for viewing associations in a Community or Source)
Note
To view cross-owner associations, you must have an owner role with at least viewing permissions in both owners.
Organization role of Standard User (for creating and modifying associations)
Community role of Editor (for creating and modifying associations in a Community or Source)
Note
To create and modify cross-owner associations, you must have an owner role with editing permissions one of the owners and an owner role with at least viewing permissions in the other.
Users with an Organization role of App Developer cannot view associated and potentially associated Cases and Artifacts, because they do not have access to Workflow

Prerequisites

Cross-owner associations enabled by a System Administrator (for creating associations between Groups and Indicators in your Organization and Groups and Indicators in Communities and Sources to which you have access)

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20076-01 v.09.C

Was this article helpful?

What's Next

The Associations Card

Table of contents

Before You Start

Associations Overview

Before You Start

Related articles

What's Next