--- title: "Associations Overview | ThreatConnect" slug: "associations-overview" description: "This article describes associations in ThreatConnect and the corresponding minimum roles and prerequisites for this feature." tags: ["Getting Started", "Connecting Data"] updated: 2024-10-04T11:55:45Z published: 2024-10-04T11:55:45Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # Associations Overview An association, one of the most powerful features in ThreatConnect®, models a relationship between two objects. Associating data empowers an analyst to [pivot](https://knowledge.threatconnect.com/docs/pivoting-on-data) to related objects and further investigate their relationships to the primary object in the association. In ThreatConnect, you can - associate Groups to [Intelligence Requirements](https://knowledge.threatconnect.com/docs/intelligence-requirements) (IRs), Indicators, Victim Assets, and other Groups; - associate Indicators to IRs, Groups, Victim Assets, and, using custom associations, other Indicators; and - associate IRs to Indicators, Groups, and Victim Assets. In addition, you can associate Groups, Indicators, and IRs to [Workflow Cases](https://knowledge.threatconnect.com/v1/docs/workflow-cases) and their [Artifacts](https://knowledge.threatconnect.com/v1/docs/artifacts) and vice versa. Creating these [associations](https://knowledge.threatconnect.com/v1/docs/case-associations) is one of the main ways to connect information gathered within a Case to your threat intelligence data. Lastly, you can leverage cross-owner associations to create associations between Groups and Indicators in your Organization and those in your Communities and Sources, allowing for greater visualization and insight into all of your data. NoteIf cross-owner associations are disabled after being enabled previously, you can still view and remove cross-owner associations created while this feature was enabled. However, you will not be able to create new cross-owner associations. You can view, create, and manage associations on the [**Associations**tab of the **Details**screen](https://knowledge.threatconnect.com/docs/the-associations-tab#new-details-screen-view) and the [**Associations**card on the legacy **Details**screen](https://knowledge.threatconnect.com/docs/the-associations-card). In addition, you can view associations on the **[](https://knowledge.threatconnect.com/docs/the-details-drawer)**[](https://knowledge.threatconnect.com/docs/the-details-drawer)[**Details**drawer](https://knowledge.threatconnect.com/docs/the-details-drawer)[](https://knowledge.threatconnect.com/docs/the-details-drawer)**[](https://knowledge.threatconnect.com/docs/the-details-drawer)** for threat intelligence data objects and use [Threat Graph](https://knowledge.threatconnect.com/docs/explore-in-graph) to discover, visualize, and create associations in a graph-based interface. Note[Applying a Tag](https://knowledge.threatconnect.com/docs/applying-tags) to a Group, Indicator, IR, Victim, or Case creates an association between the Tag and the object to which it is applied. ## Before You Start | Minimum Role(s) | - Organization role of Read Only User (for viewing associations in your Organization) - Community role of User (for viewing associations in a Community or Source) NoteTo view cross-owner associations, you must have an owner role with at least viewing permissions in both owners. - Organization role of Standard User (for creating and modifying associations) - Community role of Editor (for creating and modifying associations in a Community or Source) NoteTo create and modify cross-owner associations, you must have an owner role with at least editing permissions in one of the owners and an owner role with at least viewing permissions in the other owner. - Users with an Organization role of App Developer cannot view associated and potentially associated Cases and Artifacts, because they do not have access to Workflow | | --- | --- | | Prerequisites | Cross-owner associations enabled by a System Administrator (for creating associations between Groups and Indicators in your Organization and Groups and Indicators in Communities and Sources to which you have access) | --- *ThreatConnect® is a registered trademark of ThreatConnect, Inc.* 20076-01 v.10.B ## Related - [Case Associations](/case-associations.md) - [Threat Graph](/threat-graph.md) - [Modeling File Behavior](/modeling-file-behavior.md) - [Pivoting on Data](/pivoting-on-data.md) - [The Details Screen](/the-details-screen.md) - [The Diamond Model](/the-diamond-model.md) - [The ThreatConnect Data Model](/the-threatconnect-data-model.md) - [Workflow Cases](/workflow-cases.md) - [Workflow Overview](/workflow-overview.md)