Best Practices for Sharing Alerts
The following are some best practices to consider while sharing alerts (advisories) using the Partner Advisory Network (PAN) open APIs:
Do's
Before sharing the alerts, ensure that the information is accurate, relevant, and verified to avoid disseminating false or misleading information.
Ensure that the alerts do not contain any personally identifiable information (PII) or sensitive information to prevent privacy violations.
While creating alerts, make sure to add the indicators of compromise (IOCs) in the indicators field, and not in the description field.
Provide sufficient context and details with the alerts to assist recipients in understanding the potential impact and necessary actions to be taken. You can add the actions in the recommended_action field.
Keep the API credentials confidential and restricted to authorized personnel within your organization.
Raise a request for the production PAN account only when you are ready to actively share advisories with Cyware’s ISAC and ISAO (threat intelligence sharing communities) network.
Don'ts
After receiving the credentials for the production account, refrain from using them to test alerts, as these alerts will be directly shared with ISACs through CSAP.
Avoid sharing outdated or similar alerts that are no longer significant.
Do not inundate recipients with irrelevant alerts, as it may lead to alert fatigue and reduced attention to critical information.
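A pre-submission check for the field guidance above, as an added example that is not part of the PAN documentation or Cyware's code. It assumes an alert is a dictionary with the description, indicators, and recommended_action fields named on this page; the list-of-strings shape of indicators, the finding labels, and the sample alerts are constructed for illustration.

```python
import re

# IOC-like strings that belong in `indicators`, not in `description`.
IOC_PATTERNS = {
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "hash": re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b"),
    "url": re.compile(r"\bh(?:xx|tt)ps?://\S+", re.I),  # also catches defanged hxxp
}
# An email address is one simple PII signal; a real PII review needs more than this.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def lint_alert(alert):
    """Return a list of findings for an alert dict before it is shared."""
    findings = []
    description = alert.get("description") or ""
    for kind, pattern in IOC_PATTERNS.items():
        for match in pattern.findall(description):
            findings.append(f"ioc-in-description:{kind}:{match}")
    for match in EMAIL.findall(description):
        findings.append(f"possible-pii:email:{match}")
    # Recipients need to know what to do; remind the author if no action is given.
    if not (alert.get("recommended_action") or "").strip():
        findings.append("no-recommended-action")
    return findings


# Constructed sample alerts (documentation IP range, well-known empty-file MD5).
SAMPLE_BAD = {
    "description": "Phishing campaign contacting 203.0.113.7 and dropping a file "
                   "with MD5 d41d8cd98f00b204e9800998ecf8427e. "
                   "Reported by jane.doe@example.com.",
    "indicators": [],
    "recommended_action": "",
}
SAMPLE_GOOD = {
    "description": "Phishing campaign delivering a credential stealer through "
                   "invoice-themed attachments.",
    "indicators": ["203.0.113.7", "d41d8cd98f00b204e9800998ecf8427e"],
    "recommended_action": "Block the listed indicators and reset exposed credentials.",
}

if __name__ == "__main__":
    for name, alert in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, lint_alert(alert))
```

Running a check like this against a draft alert before any API call keeps IOCs machine-readable for recipients and catches an obvious PII leak before the alert leaves your organization.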