Ownership in ThreatConnect
  • 08 Sep 2022
  • 2 Minutes to read
  • Dark
    Light

Ownership in ThreatConnect

  • Dark
    Light

Minimum Role: Organization role of Read Only User

Prerequisites: ThreatConnect object (Indicator, Group, Tag, Track, Victim, or Victim Asset)

Overview

Everything in ThreatConnect® has an owner. Owners have full control over whatever they own, and they fall under one of the following three categories:

  • Organization: An Organization, often referred to as an Org, represents a team of persons with the same levels of access and trust. An Organization is a collaborative space—its members are meant to work on tasks while fully visible to one another.
  • Community: A Community is a tightly administered group of ThreatConnect owners. A Community may have Organizations or individual users as members. Members can contribute intelligence to the Community, vote on Indicator ratings, and have collaborative discussions. Communities have the option to allow their members to use pseudonyms. Oftentimes, a Community will rally around a common purpose, such as an industry sector, a current event, or a geopolitical region.
  • Source: A Source is a one-way feed of information. Like Communities, Sources may have Organizations or individual users as members. Unlike Communities, Sources are not meant to be a collaborative environment. Members, and their pseudonyms, are not visible to one another and typically do not have any writable access within a Source. Oftentimes, a Source will represent a feed of Indicators or intelligence, whether premium, open source, or internally produced.

Copies of Objects across Multiple Owners

The same object in ThreatConnect can reside with multiple owners—due to the fact that different parties may have different levels of information that they possess, or are willing to share, about that object.

When viewing an object in ThreatConnect, the owner of the object is displayed in the Owner dropdown menu at the upper-right corner of the Details screen (Figure 1).

Graphical user interface, application  Description automatically generated

 

The Owner dropdown menu displays the list of available owners that have information on a particular object, based on your access (Figure 2).

Graphical user interface, text, application  Description automatically generated

 

If there is more than one owner for an Indicator, an Additional Owners card will be displayed on the Overview tab of the Details screen, as shown in Figure 1. This card displays the name of each additional owner in which the Indicator exists, as well as the Threat and Confidence Ratings for the Indicator in each additional owner.

Note that changes made to a copy of one object do not affect other copies. They are maintained separately to respect the idea that different owners will have different insights. In other words, there is value in viewing an Indicator through the lens of your Organization, as well as seeing intelligence on the Indicator from the greater Community.


ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20026-01 v.06.K


Was this article helpful?