Create Campaigns
CSAP helps you to create and manage campaigns to share alerts with additional context. This also helps users understand threat details and improve their response capabilities.
What are campaigns?
Campaigns are instances or patterns of harmful intent by threat actors. They are identified through sets of incidents, malware, vulnerabilities exploited, and identified tactics, techniques, and procedures (TTPs) of threat actors. Examples of campaigns are phishing email campaigns, social engineering attacks and other campaigns.
Where can I use campaigns?
While creating an alert, select an active campaign in the Required section of the alert creation form.
Before you Start
You must have the View and Create permissions for campaigns.
Steps
To create a campaign, do the following:
Sign in to the Analyst Portal and click Administration > Settings in the lower-left corner.
Click Alert Settings > Campaign. To create a campaign, click Create in the upper-right corner.
Enter a name for the campaign. For example, Phishing Email Campaigns.
Note
Ensure that the Active toggle is turned on to use the campaign while creating alerts.
To create the campaign, click Create.
Manage Campaigns
To manage campaigns, you must have the View and Update permissions for campaigns. By default, the Campaign page displays all active campaigns.
You can perform the following actions to manage campaigns:
To filter campaigns, use the filter option. Search using a keyword or filter by parameters such as status (active, inactive). To close filters, click the Clear all filters icon.
To edit campaign names, hover over the campaign, click the vertical ellipsis of the campaign, and click Edit.
Drag and drop campaigns to re-order campaigns based on your preference. This order is displayed in the Campaign dropdown while creating alerts.
To activate or inactivate an already existing campaign, click Edit. Turn the Active toggle on or off based on your preference.