Skip to main content

Cyware Situational Awareness Platform

Manage Sharing Communities

Threat intelligence sharing is the cornerstone of all collaboration-driven security strategies. In addition to publishing alerts from the Analyst Portal to the Member Portal, administrators can also leverage Collaborate to exchange alerts with their network of peers, vendors, and clients.

  • Sharing Community enables the automated sharing of alerts between two different organizations that use Collaborate, through secure API endpoints.

  • It also enables collaboration between different organizations with shared security interests by allowing them to put a common front against attackers through threat knowledge sharing.

Alert Sharing Flow Between Communities

The following flowcharts demonstrate the Alert sharing process between two Collaborate organizations.

  • Organization I creates API credentials and shares them with organization II.

  • Organization I defines the rule conditions for receiving alerts.

  • Organization II uses the credentials to create a Sharing Community.

  • Organization II defines the rule conditions for sharing alerts.

    8589919.jpg

  • Organization II creates an alert and if rules are met either the alert will never be shared or it will be shared with organization I. This is based on the rule conditions defined by the administrators.

  • Similarly, when Organization I receives the alert, it will either be auto-published to recipients or saved as a draft based on conditions defined by the administrators.

8589917.jpg
Add a new Sharing Community

Configure the Open API Credentials shared by the organization that has invited you to a sharing community. After configuring the credentials, you can join the sharing community and can share alerts with the organization.

  1. Click on Add a New Entity.

  2. Enter the Access ID, Secret Key, and Endpoint details in the Create a New Entity form.

  3. Select Active.

  4. Click Validate.

Edit Sharing Community Details

Click on Edit Community to make updates in the Sharing Community credentials. Credentials can be updated to rectify wrong entries and in case of validation failure.

  1. Update the Access ID, Secret Key, and Endpoint details in the Update an Entity form.

  2. Click Validate.

Share Alerts with Communities

Collaborate enables automate sharing of alerts between two different organizations that use Collaborate, via secure API endpoints. Analysts can share alerts with communities of their choice. For example, when an alert is configured with RED TLP, the rule can automatically share the alert with an ISAC community.

  1. Create an alert from the Alerts module and fill the required details.

  2. Select the Communities in the Share with other Communities from Finish section. For more details, see Share Alert with Communities