- 18 Jan 2023
- 1 Minute to read
Explore In Graph Overview
- Updated on 18 Jan 2023
The Explore In Graph feature (also known as Threat Graph) in ThreatConnect® enables you to discover, visualize, and explore Indicator, Group, and Case relationships using a graph-based interface. When viewing an object’s graph, you can pivot on Indicator, Group, and Case associations in ThreatConnect, as well as relationships for Indicators and Groups that exist within a Collective Analytics Layer (CAL™) dataset. For Indicators, you may also pivot on third-party enrichment relationships if an enrichment service is enabled on your instance and for the Indicator’s type. For Adversary, Intrusion Set, Malware, Threat, and Tool Groups on which CAL has information, you can view known aliases for the Group and combine multiple Group nodes that share a known alias into a single, compound Group node.
After building out an object’s graph with its associated objects, you can save the graph in its current state to revisit at a later time or export it to a PNG or JPEG file to share with teammates, executives, and stakeholders.
Before You Start
| Minimum Role(s) | |
|---|---|
| Prerequisites | To pivot on Indicator, Group, and Case associations in ThreatConnect, pivot on CAL relationships for Indicators and Groups, and view CAL alias information for Groups, the following prerequisites must be met:<br>To pivot on third-party enrichment relationships for an Indicator, the following prerequisites must be met: |
ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.
20117-01 v.06.A