System Fields
System fields are out-of-the-box fields that are used when creating alerts and when submitting intel and RFIs. While you cannot create system fields, you can edit these fields according to your preferences.
Text boxes allow users to add information in text format. When you create an alert, or submit an intel or an RFI, the text boxes associated with the selected category appear in the Additional section of the respective forms. Some examples of the available text box fields are Sources, Likely Motivation, Available Patch, and more.
For example, you can assign the Available Patch text box field to the Vulnerability category to allow analysts to add available patch details when sharing alerts of the Vulnerability category, and to allow members to add available patch details when submitting threat intel of the Vulnerability category. Additionally, you can assign the Sources text box field to the Request For Information category to allow members to include source details when submitting an RFI.
A single-select field allows users to select a single option from a preset list of options. When you create an alert or submit intel, the single-select fields linked to your selected category display automatically in the Additional section of the respective forms. Similarly, the single-select fields associated with the RFI category appear in the RFI form. Some examples of single-select fields are Priority, Severity, Announcement Type, Kill Chain Phase, and more.
For example, you can assign the Number of Systems Affected field to the Malware category to allow analysts to add a count of affected systems when sharing alerts of the Malware category, and to allow members to add affected system details when submitting threat intel of the Malware category. Additionally, you can assign the Risk field to the Request For Information category to allow members to include the risk level when submitting an RFI.
A multi-select field allows users to select predefined options from a list. Unlike a single-select field, you can select as many options as you like from the list. When you create an alert, or submit intel or an RFI, the multi-select fields associated with your selected category automatically appear in the Additional section of the respective forms. Some examples of multi-select fields are Vulnerability Type(s), Vendors, Targeted Sector(s), and more.
For example, you can assign the Info Source field to the Informational category to allow analysts to select sources of information when sharing alerts of the Informational category, and to allow members to add information source details when submitting threat intel of the Informational category. Additionally, you can assign the Targeted Sector(s) field to the Request For Information category to allow members to include information about the sectors targeted when submitting an RFI.
This section contains fields that are distinct from text boxes, single-select fields, and multi-select fields. An example of this is the Tags field, which allows you to assign text labels to alerts, intel submissions, and RFIs. These fields appear in the alert creation form and the intel submission form in both the Analyst Portal and Member Portal. When a member submits an RFI, the other fields associated with the RFI category are displayed in the Additional section of the RFI submission form.
For example, you can assign the Incident Date field to the Crisis Notification category to allow analysts to add the date of the incident when sharing alerts of the Crisis Notification category, and to allow members to include the incident date when submitting threat intel of the Crisis Notification category. Additionally, you can assign the Tactics-Techniques-Sub-techniques field to the Request For Information category to allow members to include tactic-technique pairs when submitting an RFI.
Enable Tags Field for Alert Creation and Intel Submissions
Tags are keywords that are attached to alerts published from the Analyst Portal and intel submitted from the Member Portal. Tags help analysts quickly identify the information and context available in an alert or intel submission. For example, the Actionable Indicators tag informs analysts that the alert or intel contains important threat indicator details that need action as early as possible. Collaborate contains a distinct tag library that allows you to save and access various types of tags. For more information, see Tag Library.
Steps
To enable the tags field for alert creation and intel submission, follow these steps:
Go to Administration > Settings > Field Management > Other Fields.
Tags are available as one of the fields. Hover over the Tags field, click the vertical ellipsis, and click Edit to make changes.
Use the Alert toggle to show or hide the Tags field while creating an alert.
Use the Intel toggle to show or hide the Tags field on intel submission.
Click Update to save changes.
Make Tags Field Mandatory for a Category
To make the Tags field mandatory for alert creation and intel submissions, the Tags field must be assigned to an alert category. When analysts use that category for alert creation, or members use it for intel submission, the Tags field is mandatory.
Steps
To assign the Tags field to an alert category, follow these steps:
Go to Administration > Settings > Core Settings > Category.
Choose a category to which you want to assign the Tags field. You can choose both System categories and Custom categories.
Hover over the category and click Edit to open the Update Category window.
Scroll down to the bottom of the Update Category window to see the field mapping table for the category.
Click Others to see the list of available fields. Locate the Tags field from the list and use the following information:
Turn on the Enable/Disable toggle to include the Tags field in this category.
Turn on the Mandatory toggle to make the Tags field mandatory. This makes the field mandatory for all alerts and intel published using this category.
Select Visible to Members to show the Tags field to alert recipients.
Click Update to save changes.
Manage System Fields
You can view and manage system field details.
Before You Start
Ensure that you have the View and Update permissions for the Settings module to manage system fields.
Steps
To manage system fields, follow these steps:
Sign in to the Analyst Portal.
Go to Administration > Settings > Field Management.
Select any of the system field types and use the following information:
Select Open Filters to search for fields by text.
Hover over a field of your choice, click the vertical ellipsis, and select Edit. You can update the required details, such as the field name, description, and usage preferences.
Note
The description that you enter in Field Description is displayed as an info icon for the text box field, which helps members get more context about the field.
Click Update to save changes.