Field Management Settings
Analysts can create and manage the fields used for various activities such as alert creation, intel submission, member management, and more from Field Management. The different types of field types available are text boxes, single-select, multi-select, and other fields such as tactic technique, calendar, and more. You can also manage the list order preference of fields from field management.
You must have Create/Update permission for Settings to create and manage fields. The permissions can be assigned to a role.
To create and manage fields, go to Administration > Settings > Field Management.
Text Boxes
Text boxes are editors that allow users to add information in text format. Text boxes appear when analysts create alerts and when members share threat intel in the Member Portal. Some examples of text box fields are CVSS Score, Exception Details, Forensic Details, Lessons Learned, and more.
Hover over the field, click the vertical ellipsis, and click Edit. You can edit the field name, description, and where the field is displayed.
Note
The description that you enter in Field Description is displayed as an info icon for the text box field which helps members get more context about the field.
Turn on the Alert toggle to display the field when analysts create alerts. When you select a category for the alert, the text boxes assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the CVSS Score text box to the Vulnerability Advisory category to allow analysts to add CVSS score details when sharing Vulnerability Advisory alerts.
Turn on the Intel toggle to display the field when members share threat intel.
Single Select
A single-select field allows users to select a single option from a preset list of options. Single-select fields appear when analysts create alerts and when members share threat intel in the Member Portal. Some examples of single-select fields are Priority, Severity, Announcement Type, Kill Chain Phase, and more.
Click on a single-select field to create or update the preset list of options.
Hover on a list value and click Edit to change the field name and description. The description that you enter in Field Description is displayed as an info icon for the text box field which helps members get more context about the field.
Click Create to create a new list value. For example, you create the Very High value for the Severity single-select field.
Drag and drop the values to arrange the list order.
Hover over a text box value and click Edit to make changes to a single-select field and to choose where to show the single-select field.
Turn on the Alert toggle to display the field when analysts create alerts. When you select a category for the alert, the text boxes assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the CVSS Score text box to the Vulnerability Advisory category to allow analysts to add CVSS score details when sharing Vulnerability Advisory alerts.
Turn on the Intel toggle to display the field when members share threat intel.
Turn on the Show in webapp filters toggle for the required field to allow members to use the single-select field as a search filter and find alerts on the Member Portal.
Multi Select
A multi-select field allows users to select predefined options from a list. Unlike a single select field, you can select as many options as you'd like from the list. Multi-select fields appear while creating alerts and in the threat intel submission form of the CSAP Member Portal. You can create custom multi-select fields or edit already existing system fields.
To edit system multi-select fields, do the following:
To create custom multi-select fields, do the following:
In Field Management > Custom Fields, click Create in the upper-right corner.
Enter the field name and description, and select the field type as Multi Select. The description that you enter in Field Description is displayed as an info icon for the text box field which helps members get more context about the field.
Click Create to add the field.
Enable the Alert option for the required fields, assign it to an alert category, and use it in the alert content.
When you select a category for the alert, the multi-select fields assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the Severity field to the Vulnerability Advisory category to allow analysts to add severity details when sharing Vulnerability Advisory alerts.
Enable Intel for the required multi-select field to display it in the CSAP Member portal threat intel submission form.
Enable Show in member portal filters for the required field to allow members to use the multi-select field as a search filter and find alerts on the CSAP Member Portal.
Other Fields
This section contains fields that are unique from text boxes, single-select and multi-select fields. One such example is the Tactic-Technique field which allows you to select the tactic and technique pairs. These fields appear while creating alerts and in the intel submission form of the CSAP Analyst Portal and CSAP Member Portal respectively.
Hover over a field and click Edit to make changes to the field and to choose where to show the field.
Enable the Alert option for the required fields, assign it to an alert category, and use it in the alert content.
When you select a category for the alert, the fields assigned to the category display automatically in the Additional section of the alert creation form. For example, you can assign the Tactic Technique field to the Threat Actor Advisory category to allow analysts to add severity details when sharing Threat Actor Advisory alerts.
Enable Intel for the required field to display it in the CSAP Member portal threat intel submission form.
Enable Tags field for Alert Creation and Intel Submissions
Tags are keywords that are attached to alerts published from the Analyst Portal and intel submitted from the Member Portal. Tags help analysts quickly identify the information and context available in an alert or an intel. For example, the Actionable Indicators tag informs analysts that the alert or intel contains important threat indicator details that need action at the earliest. CSAP contains a distinct tag library that allows analysts to save and access various types of tags. See Tag Library
To enable the tags field for alert creation and intel submission, follow the below steps.
Navigate to Management > Settings > Field Management > Other Fields.
Tags are available as one of the fields in the list. Hover on the Tags field to see the Edit icon. Click the Edit icon to make updates.
Select the Alert toggle to show the Tags field on alert creation.
Select the Intel toggle to show the Tags field on intel submission.
Click Update to save changes.
Make Tags Field Mandatory for a Category
To make the Tags field mandatory for alert creation and intel submissions, the Tags field must be assigned to an alert category. When the particular category is used by analysts for alert creation or by members for intel submission, the Tags field is made mandatory.
To assign the Tags field to an alert category, do the following.
Navigate to Settings from Management and click Core Settings. Select Category from the Core Settings.
Choose a category to which you want to assign the Tags field. You can choose both System categories and Custom categories.
Hover on the category to see the Edit icon. Click the Edit icon to open the Update Category window.
Scroll down to the bottom of the Update Category window to see the field mapping table for the category.
Click Others to see the list of available fields. Locate the Tags field from the list and enable the Enable/Disable toggle to include the Tags field in this category.
Enable the Mandatory toggle to make the Tags field mandatory. This makes the field mandatory for all alerts and intel published using this category.
Check Visible to Members to show the Tags field to alert recipients.
Click Update to save changes.
Manage the Order of Fields
This section allows CSAP users to determine the order of the fields displayed in the Additional section of the create alert form. Users can drag and drop frequently used fields to the top of the activity list.