Marking Specification
Notice
This is a beta feature available in Intel Exchange v3.7.2 onwards. To enable this feature for your organization, contact your Intel Exchange administrator.
A marking specification refers to a structured set of rules or standards that define how threat intelligence, is labeled or marked to indicate its sensitivity, confidentiality, or handling requirements. These markings help control how the data is shared, accessed, or processed within systems and between organizations.
Marking specifications are particularly important for threat intelligence platforms, where data often needs to be shared across different organizations or systems. Data marking helps to ensure that sensitive information is appropriately handled according to predefined guidelines, reducing the risk of improper disclosure or misuse.
In Intel Exchange, you can create marking specifications tailored to your organization's specific needs, defining how internal data should be protected and shared. By default, TLP (1.0 and 2.0, ACS, IEP 2.0, and statement marking specifications are supported.
Use Cases
Custom marking specifications let you define rules that align with your internal data handling policies. You can create custom categories for confidentiality, access control, or legal compliance, ensuring your threat data is marked according to your organization's unique needs.
With custom marking specifications, you can automate the classification of incoming threat intelligence according to your organization's standards. This helps streamline workflows by applying relevant markings automatically, saving your analysts time and improving consistency in data classification.