Manage Sharing Communities
Threat intelligence sharing is the cornerstone of all collaboration-driven security strategies. In addition to publishing alerts from the Analyst Portal to the Member Portal, admins can also leverage CSAP to exchange alerts with their network of peers, vendors, and clients. The Sharing Community feature enables automated sharing of alerts between two different organizations that use CSAP, via secure API endpoints. The feature enables collaboration between different organizations with shared security interests by allowing them to put a common front against attackers through threat knowledge sharing.
Navigate to Integrations > CSAP Integrations > Sharing Community.
Alert Sharing Flow Between Communities
The following flowcharts demonstrate the Alert sharing process between two CSAP organizations.
Organization I creates API credentials and shares them with Organization II.
Organization I defines the Rule Conditions for receiving Alerts.
Organization II uses the credentials to create a Sharing Community.
Organization II defines the Rule Conditions for Sharing Alerts.
Organization II creates an Alert and if Rules are met either the Alert will Never be shared or it will be Shared with Organization I. This is based on the Rule Conditions defined by the Admin.
Similarly, when Organization I receives the Alert, it will either be Auto Published to Recipients or Saved as Draft based on Conditions defined by the Admin.
Add a new Sharing Community
Add the Open API Credentials shared by the organization that has invited you to a Sharing Community. Once the credentials as successfully configured, you will join the Sharing Community and will be able to share Alerts with the Organization.
Click on Add a New Entity.
Fill in the Access ID, Secret Key, and Endpoint details in the Create a New Entity form.
Note
Remember to select the Active checkbox. Leaving the checkbox unchecked will result in API Details and Sharing Community application being inactive. Inactive applications cannot be viewed in the API Details section and the respective API details cannot be used to add a Sharing Community.
Once done, click on the Validate button.
Edit Sharing Community Details
Click on Edit Community to make updates in the Sharing Community credentials. Credentials are updated to rectify wrong entries and in case of validation failure.
Update the Access ID, Secret Key, and Endpoint details in the Update an Entity form.
Once done, click on the Validate button.