- 25 Oct 2022
- 2 Minutes to read
The Publish Feature
Minimum Role: Community role of Contributor, Editor, or Director
Prerequisites: A Group that exists in or has been contributed to a Community or Source
Overview
The Publish feature in ThreatConnect® packages intelligence in the form of Group data objects and writes it to a JSON file. It is a necessary step in the process of sharing the data with users on other instances of ThreatConnect via the Cross-Intel Sharing App. When a Group is published, the following objects will be included in the corresponding JSON file (unless they are excluded via a Security Label):
- Associated Indicators and Groups
- Security Labels applied to the Group
- Attributes added to the Group
- Tags applied to the Group
The following Group types can be published: Adversary, Attack Pattern, Campaign, Course of Action, Document, E-mail, Event, Incident, Intrusion Set, Malware, Report, Signature, Tactic, Threat, Tool, and Vulnerability. In order to publish a Group, it must first exist in, or be contributed to, a Community or Source.
Publishing a Group
- Navigate to the Sharing tab of the Details screen for the Group in the Community or Source to which it belongs or was contributed (Figure 1).
- Click the PUBLISH… button. The Publish Intel window will be displayed, with the Initial screen selected (Figure 2). This screen provides a summary of the Group that is to be published for cross-instance sharing.
- Click the Next button.
- The Security Labels screen will be displayed (Figure 3).
- Excluded Security Labels: Select Security Labels to exclude. Any associated objects and Attributes with the selected Security Labels applied to them will not be included in the published JSON file.
- Click the Next button.
- The Save screen will be displayed (Figure 4). This screen lists the Group and its associated Groups that will be published.
- Click the PUBLISH button.
- The Sharing tab of the Details screen for the Group will be displayed again, with the newly created JSON file listed in the Published in: table at the bottom of the screen (Figure 5).
Note: A Group can also be published at the same time that it is being contributed to a Community or Source by selecting the Publish after Copy checkbox on the Save screen of the Contribute to Community/Source window.
Once a Group has been published, it—and its associated Indicators and Groups, Security Labels, Attributes, and Tags—can be shared across instances via the ThreatConnect Cross-Intel Sharing App.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
20060-01 v.03.C