Contents x
Associations Overview
  • 04 Oct 2024
  • 2 Minutes to read
  • Print
  • Dark
    Light
Contents

Associations Overview

  • Updated on 04 Oct 2024
  • 2 Minutes to read
  • Print
  • Dark
    Light
Article summary

An association, one of the most powerful features in ThreatConnect®, models a relationship between two objects. Associating data empowers an analyst to pivot to related objects and further investigate their relationships to the primary object in the association. In ThreatConnect, you can

  • associate Groups to Intelligence Requirements (IRs), Indicators, Victim Assets, and other Groups;
  • associate Indicators to IRs, Groups, Victim Assets, and, using custom associations, other Indicators; and
  • associate IRs to Indicators, Groups, and Victim Assets.

In addition, you can associate Groups, Indicators, and IRs to Workflow Cases and their Artifacts and vice versa. Creating these associations is one of the main ways to connect information gathered within a Case to your threat intelligence data. Lastly, you can leverage cross-owner associations to create associations between Groups and Indicators in your Organization and those in your Communities and Sources, allowing for greater visualization and insight into all of your data.

Note
If cross-owner associations are disabled after being enabled previously, you can still view and remove cross-owner associations created while this feature was enabled. However, you will not be able to create new cross-owner associations.

You can view, create, and manage associations on the Associations tab of the Details screen and the Associations card on the legacy Details screen. In addition, you can view associations on the Details drawer for threat intelligence data objects and use Threat Graph to discover, visualize, and create associations in a graph-based interface.

Note
Applying a Tag to a Group, Indicator, IR, Victim, or Case creates an association between the Tag and the object to which it is applied.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for viewing associations in your Organization)
  • Community role of User (for viewing associations in a Community or Source)
    Note
    To view cross-owner associations, you must have an owner role with at least viewing permissions in both owners.
  • Organization role of Standard User (for creating and modifying associations)
  • Community role of Editor (for creating and modifying associations in a Community or Source)
    Note
    To create and modify cross-owner associations, you must have an owner role with at least editing permissions in one of the owners and an owner role with at least viewing permissions in the other owner.
  • Users with an Organization role of App Developer cannot view associated and potentially associated Cases and Artifacts, because they do not have access to Workflow
PrerequisitesCross-owner associations enabled by a System Administrator (for creating associations between Groups and Indicators in your Organization and Groups and Indicators in Communities and Sources to which you have access)

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20076-01 v.10.B

Was this article helpful?
Related articles
What's Next
Company
Sales and Support
Follow Us
© 2012–2023 ThreatConnect, Inc. All Rights Reserved.