Reports are collections of threat intelligence that may include a description of a threat actor, malware, or attack technique, along with context and related details. They group related threat intel items so that they can be published together as a comprehensive cyber threat story. The report component contains a list of references to STIX Objects (the CTI objects included in the report) along with a textual description and the name of the report.
The report component contains the following tabs:
- Basic Details
- Common Fields
- Custom Attributes
- Object References
- External References
Field Name | Required | Description |
---|---|---|
Name | Mandatory | Specify the name of the report. |
Description | Optional | Specify additional information about the report, such as its purpose and key characteristics. |
Report Types | Optional | Specify the type of the report, such as threat report, attack pattern, campaign, identity, indicator, malware, and more. |
*Published | Mandatory | Specify the date on which the report was published in CTIX. |
*For more details about dates, see General FAQs.
Field Name | Description |
---|---|
Tags | Specify the tags for the report. |
TLP | Specify the TLP of the report, such as RED, AMBER, GREEN, WHITE, and NONE. |
Confidence | Specify the confidence score for the report. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Field Name | Description |
---|---|
Add Custom Attribute | Specify additional information that helps improve the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. Note: Reserved attributes cannot be created as custom attributes or mapped to custom objects. For more information, see Custom Attributes. |
Field Name | Description |
---|---|
SDO Type | Specify the SDO type for the report, such as indicator, identity, attack pattern, and more. You can choose a type of object to perform the |
Use external references to include any non-STIX information that you may want to associate with this object.
Field Name | Description |
---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |
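
The fields above (a mandatory name and published date, a list of object references, and optional external references with hashes) can be checked before a report is shared. The following is an added example, not CTIX code: it assumes the STIX 2.1 property names (`name`, `published`, `object_refs`, `external_references`, `hashes`) rather than CTIX's own export format, and `check_report` and the sample objects are hypothetical and constructed for illustration.

```python
import re

# STIX 2.1 identifier shape: "<object-type>--<UUID>"
STIX_ID = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
# Expected hex length per hash type (STIX 2.1 hash names).
HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}

def check_report(report, bundle_objects):
    """Return a list of problems found in a report object (hypothetical helper)."""
    problems = []
    # Name and Published are the mandatory Basic Details fields.
    for field in ("name", "published"):
        if not report.get(field):
            problems.append(f"missing mandatory field: {field}")
    # Every object reference should be well formed and resolve inside the bundle.
    known_ids = {obj["id"] for obj in bundle_objects}
    refs = report.get("object_refs", [])
    if not refs:
        problems.append("object_refs is empty")
    for ref in refs:
        if not STIX_ID.match(ref):
            problems.append(f"malformed object reference: {ref}")
        elif ref not in known_ids:
            problems.append(f"dangling object reference: {ref}")
    # External references: STIX 2.1 requires source_name; hash values must fit their type.
    for ext in report.get("external_references", []):
        if not ext.get("source_name"):
            problems.append("external reference without source_name")
        for algo, value in ext.get("hashes", {}).items():
            want = HEX_LEN.get(algo)
            if want and not re.fullmatch(rf"[0-9a-fA-F]{{{want}}}", value):
                problems.append(f"bad {algo} value in external reference")
    return problems

# Constructed sample data: the report references one indicator that is in the
# bundle and one malware object that is not, and carries a truncated SHA-256.
INDICATOR = {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111"}
REPORT = {
    "type": "report",
    "id": "report--22222222-2222-4222-8222-222222222222",
    "name": "Constructed sample report",
    "published": "2024-01-01T00:00:00Z",
    "object_refs": [INDICATOR["id"], "malware--33333333-3333-4333-8333-333333333333"],
    "external_references": [{"source_name": "example", "hashes": {"SHA-256": "abc123"}}],
}

if __name__ == "__main__":
    for problem in check_report(REPORT, [INDICATOR, REPORT]):
        print(problem)
```

A dangling reference means consumers of the report receive a pointer to an object they cannot resolve, so it is worth catching before publication.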