Overview
Security labels allow you to designate the sensitivity of data in ThreatConnect®. You can leverage security labels to limit information shared across ThreatConnect owners, as well as filter on and query ThreatConnect data by sensitivity level.
ThreatConnect provides out-of-the-box security labels on the System level that can be applied to data in all owners on a ThreatConnect instance. These security labels use the Traffic Light Protocol published by the Forum of Incident Response and Security Teams (FIRST®):
- TLP:AMBER
- TLP:AMBER+STRICT
- TLP:CLEAR
- TLP:GREEN
- TLP:RED
- TLP:WHITENoteTLP:WHITE is a legacy security label that FIRST replaced with TLP:CLEAR. The TLP:WHITE security label has been retained in ThreatConnect to ensure the integrity of data labeled with it prior to its replacement. See “TLP definitions” for FIRST's definitions of each TLP label.
Security labels can be applied to Indicators, Groups, and Victims, as well as individual attributes for those object types, allowing you to differentiate when an attribute's sensitivity is different than that of the object it belongs to.
You can create, edit, and delete custom security labels on the System level (available in all owners on a ThreatConnect instance) and on the owner level (available only in a particular Organization, Community, or Source). In addition, you can consolidate an owner-level security label into a System-level security label, which replaces the owner-level security label with the System-level (out-of-the-box or custom) security label on all data objects in the owner and, optionally, deletes the owner-level security label.
Before You Start
User Roles
System-Level Security Labels
- To view available security labels on the System level on the System Settings screen, your user account must have a System role of Administrator, Operations Administrator, Accounts Administrator, or Community Leader.
- To view available security labels on the System level on the Organization Config screen for your home Organization, your user account can have any System role and any Organization role.NoteThe Security Labels tab of the Organization Config screen displays all System-level security labels in addition to all Organization-level security labels for an Organization. All user accounts have permission to view this tab for their home Organization.
- To create and manage (edit and delete) custom security labels on the System level, your user account must have a System role of Administrator.
Organization-Level Security Labels
- To view available security labels in your home Organization, your user account can have any System role and any Organization role.
- To create and manage (edit, delete, and consolidate) custom security labels in your home Organization, your user account must have an Organization role of Organization Administrator.
- To view available security labels in any Organization on your ThreatConnect instance, your user account must have a System role of Administrator, Operations Administrator, or Super User.
- To create and manage (edit, delete, and consolidate) custom security labels in any Organization on your ThreatConnect instance, your user account must have a System role of Administrator, Operations Administrator, or Super User and an Organization role of Organization Administrator.
Community- and Source-Level Security Labels
- To view available security labels in a Community or Source, your user account must have a Community role of Editor or Director in that Community or Source.
- To create and manage (edit, delete, and consolidate) custom security labels in a Community or Source, your user account must have a Community role of Editor or Director in that Community or Source.
View Security Labels
View System-Level Security Labels
Follow these steps to view available System-level security labels:
- From the Settings
menu on the top navigation bar, select System Settings. - Select the Security Labels tab.NoteIf your user account does not have permission to access the System Settings screen, you can view all System-level security labels when viewing the security labels available in an Organization, Community, or Source.
View Organization-Level Security Labels
Follow these steps to view available security labels in an Organization:
- From the Settings
menu on the top navigation bar, select Organization Configuration. - Select the Security Labels tab.NoteBy default, the Security Labels tab displays the security labels in your home Organization, as well as all available System-level security labels. If you have a System role of Administrator, Operations Administrator, or Super User, you can use the selector to the right of the Organization Config header to select any Organization on your ThreatConnect instance.
- To view only Organization-level security labels, clear the Include System Labels checkbox.
View Community- and Source-Level Security Labels
Follow the appropriate set of steps for your user account's System role to view available security labels in a Community or Source:
Navigate via Account Settings
- From the Settings
menu on the top navigation bar, select Account Settings. - Select the Communities/Sources tab.
- Click the name of a Community or Source.
- Click COMMUNITY CONFIG or SOURCE CONFIG.
- Select the Security Labels tab.
- To view only Community- or Source-level security labels, clear the Include System Labels checkbox.
Navigate via Posts
- From the Settings
menu on the top navigation bar, select Posts from the Deprecated Features dropdown. - Click the name of a Community or Source from the My ThreatConnect sidebar.
- Click Community Config
or Source Config
at the upper right of the Community or Source card, respectively. - Select the Security Labels tab.
- To view only Community- or Source-level security labels, clear the Include System Labels checkbox.
Create Custom Security Labels
Follow these steps to create custom security labels:
- When viewing security labels in an owner, click + NEW SECURITY LABEL.
- Fill out the fields on the Create Security Label window as follows:
- Name: Enter a name for the security label.
- Color: Click the box to select a color or enter a color code in RGB, HSB, or hexadecimal format.
- Description: Enter a description for the security label.NoteThe Color and Description fields are solely for categorization and informational purposes. No policy enforcement is derived from them.
- Click SAVE.
Manage Custom Security Labels
The following actions for managing custom security labels are available in the Options column for a security label:
- Edit
- Delete
- Consolidate (not available for System-level security labels)
Consolidate Custom Security Labels
Owner-level security labels that are no longer relevant or valued can be consolidated into System-level security label. This procedure replaces the owner-level security label with the System-level (out-of-the-box or custom) security label on all data objects in the owner and, optionally, deletes the owner-level security label.
Follow these steps to consolidate a security label in an Organization, Community, or Source into a System-level security label:
- When viewing security labels in an owner, click Consolidate
in a security label's Options column. - Fill out the fields in the Consolidate Security Label window as follows:
- New Label: Select the System-level security label to replace the owner-level security label.ImportantThis dropdown will not be populated if the Include System Labels checkbox on the Security Labels tab is not selected.
- Delete Upon Completion: Select this checkbox to delete the owner-level security label after consolidation is complete.
- New Label: Select the System-level security label to replace the owner-level security label.
- Click CONFIRM.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
FIRST® is a registered trademark of Forum of Incident Response and Security Teams, Inc.
20015-01 v.010.A