TLP Controls
The Traffic Light Protocol (TLP) is a set of designations that ensure sensitive information is correctly shared with the appropriate recipients. In Collaborate, the TLP hierarchy helps analysts decide how to disseminate information such as alerts, doc library files, and intel reports to appropriate recipients.
TLP 1.0: is a simple and intuitive schema for indicating when and how sensitive information can be shared with members.
TLP 2.0: is the latest version of TLP released by the Forum of Incident Response and Security Team (FIRST) that includes a few updates to TLP version 1.0. Collaborate is compliant with the new TLP version 2.0 and analysts can start using it in all the modules of Collaborate to disseminate information to the appropriate recipients.
To select a TLP version for your Collaborate instance, see Configure CSAP Features
TLP 1.0
TLP 1.0 enlists the following colors to indicate the expected sharing boundaries to be applied while sharing information with the recipients.
Color | Definition |
RED | Not to be disclosed. Restricted to limited recipients. |
AMBER | Limited disclosure. Restricted to a few recipients of the organization and its clients. |
GREEN | Limited disclosure. Restricted to the community. |
WHITE | Disclosure is not limited. Information can be shared freely. |
TLP 2.0
TLP 2.0 enlists the following colors to indicate the expected sharing boundaries to be applied while sharing information with the recipients.
Color | Definition |
RED | Not to be disclosed. Restricted to limited recipients. |
AMBER+STRICT | Limited disclosure. Restricted to a few recipients of the organization only. |
AMBER | Limited disclosure. Restricted to a few recipients of the organization and its clients. |
GREEN | Limited disclosure, restricted to the community. |
CLEAR | Disclosure is not limited. Information can be shared freely. |
Configure TLP Controls
Analysts can set preferences to automatically show and hide details such as summary, image, optional fields, and attachments in the alert email, or RFI email, based on the selected TLP color. Additionally, analysts can also configure some Collaborate related preferences to perform actions based on the selected TLP color.
For example, if Summary in Email and Image in Email is selected and the Additional Fields in Email is not selected for RED TLP, then the email alert will show only the summary and image for the alert.
Before you start
Ensure that you have the View and Update permissions to configure TLP controls.
Steps
To configure TLP controls, follow these steps:
Go to Administration > Settings > Alert Settings > TLP Controls.
Click Edit. Analysts can set the following preferences:
Summary in Email: Select a TLP color to show the summary under an alert in the email to be sent to the recipient. For example, when you select RED as the TLP color for Summary in Email, the recipient receiving an alert with RED TLP will be able to view the alert summary in the email received.
Additional Fields in Email: Select a TLP color to show the additional fields under an alert in the email to be sent to the recipient.
Image in Email: Select a TLP color to show the image under an alert in the email to be sent to the recipient.
Attachment in Email: Select a TLP color to show an attachment under an alert in the email to be sent to the recipient.
Export in Member Portal: Select a TLP color to show the export option under an alert to the member in the member portal. For example, when you select GREEN as the TLP color for Export in Member Portal, the member trying to export an alert with GREEN TLP views that option under Alerts in Member Portal.
Image in Member Portal: Select a TLP color to show the image under an alert to the member in the member portal.
Allow Export as PDF: Select a TLP color to allow export as PDF in the alert chosen.
Summary in Intel Email: Select a TLP color to show the summary under an intel in the email to be sent to the recipient.
Summary in RFI Email: Select a TLP color to show the summary under an RFI in the email to be sent to the recipient.
Post to CTIX from Alert: Select a TLP color to post the associated alerts to the Intel Exchange platform. For example, if you select RED, Collaborate automatically posts all the RED TLP alerts to the Intel Exchange platform.
Post to CTIX from Automated Intel: Select a TLP color to post the associated automated intel to the Intel Exchange platform. For example, when you select RED, Collaborate automatically posts all the RED TLP automated intel to the Intel Exchange platform.
Send Email to Publisher: Select a TLP color to send an email to publishers when an alert with this TLP color is created. For example, when you select RED, Collaborate automatically sends emails to publishers on a RED TLP alert creation.
Select the actions you want to perform for the corresponding TLP color.
Click Update Configuration to save the changes.