---
title: "Managing Data in All Organizations: Threat Intelligence"
slug: "managing-data-in-all-organizations-threat-intelligence"
description: "This article describes how Super Users can view, create, import, filter, search for, modify, and delete threat intelligence in all Organizations on their ThreatConnect instance."
updated: 2024-06-12T15:38:45Z
published: 2024-06-12T15:38:45Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Managing Data in All Organizations: Threat Intelligence

As a Super User, you can view, create, import, filter, search for, modify, and delete threat intelligence in all Organizations on your ThreatConnect instance.

## Browse

The [**My Intel Sources** selector](https://knowledge.threatconnect.com/docs/my-intel-sources) on the [**Browse** screen](https://knowledge.threatconnect.com/docs/the-browse-screen)****will display a **My Orgs** list from which you can select the Organizations whose data (i.e., Groups, Indicators, Intelligence Requirements, Tags, Tracks, Victims, and Victim Assets) you want to view (Figure 1).

![Graphical user interface, text, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%201_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.3.0.png)

## Create

When using the [**Create**](https://knowledge.threatconnect.com/docs/create) option on the top navigation bar to add an object (Indicator, Group, Track, or Victim) to ThreatConnect, you can select any Organization on the ThreatConnect instance from the **Owner**menu (Figure 2).

NoteSuper Users may only [create Intelligence Requirements](https://knowledge.threatconnect.com/docs/creating-intelligence-requirements) in their home Organization.

![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%202_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

## Import

When using the **Import** option on the top navigation bar to import objects ([Email import](https://knowledge.threatconnect.com/docs/email-import), [structured Indicator import](https://knowledge.threatconnect.com/docs/structured-indicator-import), [unstructured Indicator import](https://knowledge.threatconnect.com/docs/unstructured-indicator-import), [Signature import](https://knowledge.threatconnect.com/docs/signature-import), or [Doc Analysis import](/docs/doc-analysis-import)) you can select any Organization on the ThreatConnect instance from the**Owner**menu (Figure 3).

![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%203_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.2.0.png)

## Search and Analyze

### Search Drawer (Legacy)

The **OWNERS** selector in the [**Search** drawer](https://knowledge.threatconnect.com/docs/search-and-analyze) will display a **My Orgs** list from which you can select the Organizations in which to search for data (Figure 4).

![Graphical user interface, application Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%204_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

You can also add objects found during searches to any Organization on your instance (Figure 5).

![Graphical user interface Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%205_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

NoteThe **ADD TO OWNER** dropdown lists all owners in alphabetical order. It does not separate them by owner type (Organization, Community, and Source). Scroll down to find the owner to which you want to add an object found during a search.

### Search Screen (Beta)

The **Owner**filter in the **Filters![Filters button_Details screen](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Filters%20button_Details%20screen.png)**menu on the [**Search**screen](https://knowledge.threatconnect.com/docs/viewing-search-results) will display all Organizations in which you can search for data (Figure 6).

![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%206_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

ImportantThe search feature available on the **Search**screen is currently a beta feature as of ThreatConnect 7.6.

## The Details Screen

In addition to Communities and Sources, the **Owners & Feeds**card on the new [**Details**screen](https://knowledge.threatconnect.com/docs/the-details-screen) and **[](https://knowledge.threatconnect.com/docs/the-details-drawer)**[](https://knowledge.threatconnect.com/docs/the-details-drawer)[**Details**drawer](https://knowledge.threatconnect.com/docs/the-details-drawer)[](https://knowledge.threatconnect.com/docs/the-details-drawer)**[](https://knowledge.threatconnect.com/docs/the-details-drawer)** (Figure 7) and the **Additional Owners**card on the [legacy **Details** screen](https://knowledge.threatconnect.com/docs/the-details-screen) (Figure 8) list all of the other Organizations that own the object you are viewing. Click on the name of an Organization to view the object within that Organization.

![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%207_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%208_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

On the new **Details**screen, you can also use the dropdown at the top left of the header section to select the owners in which to view the object. On the legacy **Details**screen, you can also use the selector at the upper-right corner of the screen to choose owners in which to view the object. When viewing the object in an Organization other than your home Organization on the legacy **Details**screen, the label at the upper-left corner of the screen will be **SHARED** instead of **ORGANIZATION**.

## Cross-Owner Associations

If cross-owner associations are enabled on your ThreatConnect instance, you can view and create [associations](https://knowledge.threatconnect.com/docs/associations) between objects in the Organizations on your instance and between those in the Communities and Sources to which you have access. In other words, in addition to being able to create associations between objects in your home Organization, Communities, and Sources, you can create associations between objects in the Organizations on your instance (i.e., Organization-to-Organization associations) and associations between objects in any Organization on your instance and the Communities and Sources to which you have access.

## Indicator Status

If the ability to change [Indicator Status](https://knowledge.threatconnect.com/docs/indicator-status) is enabled for your Organization, you can modify Indicator Status in any owner on your ThreatConnect instance.

## Threat Graph

When viewing an object that exists in multiple Organizations on your instance while using [Threat Graph](https://knowledge.threatconnect.com/docs/explore-in-graph), you can use the [**Pivot in ThreatConnect**](https://knowledge.threatconnect.com/docs/pivoting-in-threatconnect)****option to explore the object’s associations in each Organization.

## ThreatConnect Query Language

You can write TQL queries that search for objects existing in multiple Organizations on your instance. See the [“Query for Objects Belonging to Multiple Owners” section of *Constructing Query Expressions*](https://knowledge.threatconnect.com/docs/constructing-query-expressions#query-for-objects-belonging-to-multiple-owners) for more information.

## ThreatConnect Intelligence Anywhere

When selecting sources for [ThreatConnect Intelligence Anywhere](https://knowledge.threatconnect.com/docs/threatconnect-intelligence-anywhere) to scan for potential Indicators and Groups, you can select multiple Organizations on your instance (Figure 9).

![Graphical user interface Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%209_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

Intelligence Anywhere will indicate when a scan finds objects that are known to exist in multiple Organizations on your instance (Figure 10).

![A screenshot of a computer Description automatically generated](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%2010_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

When importing scanned Indicators into ThreatConnect, you can select any Organization on your ThreatConnect instance as the destination owner (Figure 11).

![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%2011_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

## ATT&CK Visualizer

In the [ATT&CK® Visualizer](https://knowledge.threatconnect.com/docs/attack-visualizer), you can add Groups that belong to any Organization on the ThreatConnect instance as [analysis layers](https://knowledge.threatconnect.com/docs/attack-analysis-layers) to a [standard ATT&CK view](https://knowledge.threatconnect.com/docs/standard-attack-views) and visualize the MITRE ATT&CK® Enterprise [tactics](https://attack.mitre.org/tactics/enterprise/), [techniques](https://attack.mitre.org/techniques/enterprise/), and sub-techniques used by the Groups (Figure 12). When selecting Groups to add as analysis layers, you can filter Groups by Organization using the **Filters![Filters button_Details screen](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Filters%20button_Details%20screen.png)**option at the top right of the **Add an Analysis Layer**window.

![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%2012_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

ImportantIf you save a standard ATT&CK view with a Group in another Organization added as an analysis layer, users in your Organization will be able to open the ATT&CK view; however, that Group will not be visible to them. As such, it is recommended that you identify which standard ATT&CK views contain Group data from Organizations outside of your home Organization in the ATT&CK view's description so that other users in your home Organization do not attempt to open those ATT&CK views.

When you select one or more techniques or sub-techniques in the ATT&CK Visualizer, the [**Selection Details**drawer](https://knowledge.threatconnect.com/docs/visualizing-attack-tactics-techniques-and-sub-techniques) will display Groups across all Organizations with [ATT&CK Tags](https://knowledge.threatconnect.com/docs/attack-tags) representing the selected items applied to them (Figure 13). Use the **Filters****![](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Filters%20button_Details%20screen.png)**option to the right of the search bar to filter these Groups by Organization, if desired.

![Figure 12_Managing Data in All Organizations_Threat Intelligence_7.3.0](https://cdn.document360.io/dfc206c8-1c9f-4725-b74d-a66f83432320/Images/Documentation/Figure%2013_Managing%20Data%20in%20All%20Organizations_Threat%20Intelligence_7.6.0.png)

---

*MITRE ATT&CK®and ATT&CK® are registered trademarks of The MITRE Corporation.*