Fill Report Details
Reports are collections of threat intelligence that may include description of a threat actor, malware, or attack technique, including context and related details. They are used to group related threat intel items tied together so that it can be published as a comprehensive cyber threat story. The report component contains a list of references to STIX Objects (the CTI objects included in the report) along with a textual description and the name of the report.
The report component contains the following tabs:
Basic Details
Common Fields
Custom Attributes
Object References
External References
Basic Details
Field Name | Required | Description |
|---|---|---|
Name | Mandatory | Specify the name of the report. |
Description | Optional | Specify the additional information about the report, such as the purpose and its key characteristics. |
Report Types | Optional | Specify the type of the report, such as threat report, attack pattern, campaign, identity, indicator, malware, and more. |
*Published | Mandatory | Specify the date on which the report was published in CTIX. |
*For more details about dates, see General FAQs.
Common Fields
Field Name | Description |
|---|---|
Tags | Specify the tags for the report. |
TLP | Specify the TLP of the report, such as RED, AMBER, GREEN, WHITE, and NONE. |
Confidence | Specify the confidence score for the report. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
|---|---|
Add Custom Attribute | Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. |
Object References
Field Name | Description |
|---|---|
SDO Type | Specify the SDO type for the report, such as indicator, identity, attack pattern, and more. You can choose a type of object to perform the |
External References
Use external references to include any non-STIX information that you may want to associate with this object.
Field Name | Description |
|---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |