Skip to main content

Cyware Situational Awareness Platform

Configure Member Submission Preferences

As an analyst with an admin or root admin user role, you can configure and manage preferences related to member submissions such as intel and RFI submissions.

Steps

To configure member submission preferences, follow these steps:

  1. In the Analyst Portal, go to Administration > Configuration > Member Submission.

  2. Click Edit.

  3. Choose and configure any of the following features:

    • Display Disclaimer on RFI Form?: Turn on the toggle to enable or disable the disclaimer on the request for information (RFI) form. Members can view this disclaimer while submitting RFIs.

    • RFI Disclaimer: Enter the disclaimer included with the request for information form. By default, the text is set to Please do not submit any personally identifiable information, including credit card or bank account information; social security, passport, or driver’s license number; date of birth; account PINs, passwords, or any other sensitive information in the report. This form should be used for requesting information that may be related to physical or cyber security. If it is life-threatening or emergency, close the app and call 911 or the emergency contact number of your country.

    • Directly Publish Alerts from RFI: Turn on the toggle to enable members to publish RFI as alerts without analyst review. Members can select recipient groups for the RFI alert. By default, this option is not enabled.

    • Display RFI Responder Details to Members: Turn on the toggle to enable the recipients of the RFI alert, as well as the RFI submitter, to view the details (name and email) of the RFI responders. By default, this option is not enabled.

    • Show RFI Responses to Other Members: Turn on the toggle to allow members to view RFI responses and comments from other members or analysts. By default, the toggle is turned off.

    • Display RFI Submitter in Alert: Turn on the toggle to enable the recipients of the RFI alert to view the details (name and email) of the RFI submitter in the Member Portal and alert email. By default, the toggle is turned off.

    • Allow Members to Share RFI With: Specify the recipients of the RFI alert if members can directly publish alerts from an RFI. By default, it is set to Only Recipient Groups.

      If you select Recipient Groups or Member's Organization, the member can either choose to publish the alert to recipient groups of their choice or the organization that they belong to. If you select Recipient Groups or All Organizations, the member can choose to publish the alert to recipient groups of their choice or all organizations in the instance.

      Note

      While creating or updating recipient groups, if you want to manage the permissions in Allowed Member Submissions, it is recommended to set this to Only Recipient Groups. For more information, see Create Recipient Group.

    • Display Disclaimer on Intel Submission Form?: Turn on the toggle to enable or disable the disclaimer on the intel submission form. By default, this option is enabled.

    • Intel Submission Disclaimer: Enter the disclaimer that needs to be included with the intel submission form. By default, the text is set to Do not include any identifiable information or attribution. This form should only be used for sharing obfuscated threat indicators/observables (IP, URL, Filename, Hash, Domain Name, etc.).

    • Intel Submission Option: Select the option to share intel with or without analyst review. Select Manual: Threat intel submitted by members should be held for analyst review or enrichment to share intel for analyst review. This option is selected by default. Select Automated: Threat intel submitted by members should be directly shared with other members, without analyst review to share intel directly without analyst review.

    • Allow Members to Share Intel With: Specify the recipients of the intel submission alert if members can directly publish alerts from an intel submission. By default, it is set to Only Recipient Groups.

      If you select Recipient Groups or Member's Organization, the member can either choose to publish the alert to recipient groups of their choice or the organization that they belong to. If you select Recipient Groups or All Organizations, the member can choose to publish the alert to recipient groups of their choice or all organizations in the instance. 

      Note

      While creating or updating recipient groups, if you want to manage the permissions in Allowed Member Submissions, it is recommended to set this to Only Recipient Groups. For more information, see Create Recipient Group.

    • Display Intel Submitter in Alert:  Turn on the toggle to enable members to view who submitted the threat intel if attribution is provided during submission. Members can view this attribution in the alert details in the Member Portal as well as in the alert email. By default, this option is not enabled. 

    • Content Review by Peer Members in Threat Defender Library: Turn on the toggle to enable members to submit Threat Defender Library content to other members of the organization for peer review. Subsequently, peer reviewers can forward the content to analysts for further review. If this is turned off, members can directly submit the content to analysts for review. By default, this option is not enabled.

  4. Click Update.