Skip to main content

Cyware Threat Intelligence eXchange

Fill Report Details

Reports are collections of threat intelligence that may include description of a threat actor, malware, or attack technique, including context and related details. They are used to group related threat intel items tied together so that it can be published as a comprehensive cyber threat story. The report component contains a list of references to STIX Objects (the CTI objects included in the report) along with a textual description and the name of the report.

The report component contains the following tabs:

  • Basic Details

  • Common Fields

  • Custom Attributes

  • Object References

  • External References

Basic Details

Field Name

Required

Description

Name

Mandatory

Specify the name of the report.

Description

Optional

Specify the additional information about the report, such as the purpose and its key characteristics.

Report Types

Optional

Specify the type of the report, such as threat report, attack pattern, campaign, identity, indicator, malware, and more.

*Published

Mandatory

Specify the date on which the report was published in CTIX.

*For more details about dates, see General FAQs.

Common Fields

Field Name

Description

Tags

Specify the tags for the report.

TLP

Specify the TLP of the report, such as RED, AMBER, GREEN, WHITE, and NONE.

Confidence

Specify the confidence score for the report.

Created by Reference

Specify the entity that created the CTIX object.

Revoked

Select this option to mark the component as revoked or invalid.

Custom Attributes

Field Name

Description

Add Custom Attribute

Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report.

Object References

Field Name

Description

SDO Type

Specify the SDO type for the report, such as indicator, identity, attack pattern, and more. You can choose a type of object to perform the

External References

Use external references to include any non-STIX information that you may want to associate with this object.

Field Name

Description

Source Name

Enter a source name.

Description

Enter a description.

External ID

Enter an external ID.

URL

Enter the URL of the external reference.

Hash Type

Select the hash type.

Hash Value

Enter the hash value.