The Publish Feature
  • 11 May 2023
  • 2 Minutes to read
  • Dark

The Publish Feature

  • Dark

Article Summary


The Publish feature in ThreatConnect® packages intelligence in the form of Group data objects and writes it to a JSON file. It is a necessary step in the process of sharing the data with users on other instances of ThreatConnect via the Cross-Intel Sharing App. When a Group is published, the following objects will be included in the corresponding JSON file (unless they are excluded via a Security Label:

The following Group types can be published: Adversary, Attack Pattern, Campaign, Course of Action, Document, E-mail, Event, Incident, Intrusion Set, Malware, Report, Signature, Tactic, Threat, Tool, and Vulnerability. In order to publish a Group, it must first exist in, or be contributed to, a Community or Source.

If a System Administrator has enabled publishing from Organizations, Organization Administrators may publish Groups that exist in their Organization without needing to contribute them to a Community or Source (i.e., they can publish Groups directly from their Organization).
Minimum Role(s)Community role of Contributor, Editor, or Director
PrerequisitesA Group that has exists in or has been contributed to a Community or Source

Publishing a Group

  1. Navigate to the legacy Details screen for a Group that exists in or has been contributed to a Community or Source.
  2. Click the Sharing tab. The Sharing screen will be displayed (Figure 1).
    The Sharing tab is available only on the legacy Details screen.

    Figure 1_The Publish Feature_7.0.0


  3. Click the PUBLISH… button. The Initial screen of the Publish Intelwindow will be displayed (Figure 2). This screen provides a summary of the Group that is to be published for cross-instance sharing.

    Graphical user interface, application, Teams  Description automatically generated


    • Click the Next button.
  4. The Security Labels screen will be displayed (Figure 3).

    Graphical user interface, application  Description automatically generated


    • Excluded Security Labels: Select Security Labels to exclude. Any associated objects and Attributes with the selected Security Labels applied to them will not be included in the published JSON file.
    • Click the Next button.
  5. The Save screen will be displayed (Figure 4). This screen lists the Group and associated Groups that will be published.

    Graphical user interface, text, website  Description automatically generated


    • Click the PUBLISH button.

The Sharing tab of the Group's legacy Details screen will be displayed again, with the newly created JSON file listed in the Published in: table at the bottom of the screen (Figure 5). Once a Group has been published, it—and its associated Indicators and Groups, Security Labels, Attributes, and Tags—can be shared across instances via the ThreatConnect Cross-Intel Sharing App.

Timeline  Description automatically generated


A Group can also be published at the same time that it is being contributed to a Community or Source by selecting the Publish after Copy checkbox on the Save screen of the Contribute to Community/Source window.
Changes that are made to a Group after it has been published will not be reflected in the JSON file. The Group will need to be published again in order to capture any changes that occur after its publication.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20060-01 v.03.D

Was this article helpful?