Custom Attributes
Custom Attributes provide additional information that enhances the details of threat intelligence. These attributes are not limited to specific types or categories and can be customized based on the unique requirements of security and business operations. You can add custom attributes and utilize them to include supplementary information to indicators when creating Quick Intel and Import Intel. For example, Credit Card number, CVV number, expiry date, and more.
Internal Custom Attributes
Administrators can create internal custom attributes to add organization-specific details to a threat data object. These custom attributes are solely created for internal usage and are never published to collections or shared with subscribers.
You can create internal custom attributes in the x_x--internal--<attribute_name> format. For example, if an analyst wants to create a custom attribute for analyzing IP addresses from an RSS source, you create a tag like x-internal-RSS-IP-address. The x_x--internal-- is case insensitive.
Create Custom Attributes
You can create custom attributes to provide more information which enhances the details of threat intelligence.
Before you Start
Ensure that you have View Custom Entities, Create Custom Entities, and Update Custom Entities permissions.
Steps
To create custom attributes, follow these steps:
Go to Administration > Custom Entities Management > Custom Attribute.
Click Add Custom Attribute.
Enter a unique name within 100 characters for your custom attribute to identify and assign objects to it. Allowed values are lowercase alphabets (a-z), numbers (0-9), and underscores (_). For example, campaign_type.
You can search and attach this attribute in Custom Objects > Search Custom Attributes.
Enter a description within 500 characters to add key details of a custom attribute.
Select a field type to define the value type for the custom attribute. You can choose from Input (Boolean), Input (Integer), Input (String), Single Select, JSON, Date, and Input(float). For example, if the attribute is a number, then select Input (Integer).
If you choose Input (Boolean), the platform prompts you to choose actionable attributes and select the objects to align with the custom attributes.
If you choose Single Select, the platform prompts you to enter user-defined attribute values and choose actionable attributes and related objects to align with the custom attributes.
Click Save.
You can continue to add more custom attributes using Save and Add New.
You can view the custom attributes attached to an object in Threat Data.
Manage Custom Attributes
After you add custom attributes, you can perform the following activities:
Search: Click on Search or filter results to search custom attributes based on attribute name, created range, modified range, status, and field type.
Clone: Click on the vertical ellipsis of an attribute and select Clone to clone the user-defined custom attributes to utilize the same properties. You cannot clone a system-defined custom attribute.
Delete: Click on the vertical ellipsis of an attribute and select Delete to delete the user-defined custom attributes after it is no longer useful and free up space for more custom attributes. You cannot delete a system-defined custom attribute.