- 12 Apr 2023
- 2 Minutes to read
-
Print
-
DarkLight
Explore In Graph Overview
- Updated on 12 Apr 2023
- 2 Minutes to read
-
Print
-
DarkLight
The Threat Graph feature in ThreatConnect® provides a graph-based interface where you can discover, visualize, and explore Indicator, Group, Case, and Tag relationships. After accessing an object’s graph, you can pivot on Indicator, Group, Case, and Tag associations in ThreatConnect, as well as relationships for Indicators and Groups that exist within a CAL ™ dataset. You can also perform the following actions to gain a comprehensive picture of a threat:
- Pivot on available third-party enrichment relationships for supported Indicator types;
- Run active UserAction Trigger–based Playbooks for Indicators that exist in ThreatConnect;
- Import Indicators added to an object’s graph via CAL and enrichment pivots into ThreatConnect;
- View known alias information retrieved from CAL for select Group types;
- Combine multiple Group nodes that share a known alias into a single, compound Group node.
After building out an object’s graph with its associated objects, you can save the graph in its current state to revisit at a later time or add to a report, or export it to a PNG or JPEG file that you can share with teammates, executives, and stakeholders.
Before You Start
Minimum Role(s) |
|
---|---|
Prerequisites |
To pivot on Indicator, Group, Case, and Tag associations in ThreatConnect, pivot on CAL relationships for Indicators and Groups, and view CAL alias information for Groups, the following prerequisites must be met:
To pivot on third-party enrichment relationships for an Indicator, the following prerequisites must be met:
|
ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.
VirusTotal™ is a trademark of Google, Inc.
Shodan® is a registered trademark of Shodan.
20117-01 v.07.A