Cyware Threat Intelligence eXchange

Overview

The Overview consolidates the essential details of a threat data object in one place so that you can decide on further actions.

You can view the following details:

  • Key Details: View the aggregated details of the threat data object reported from various sources such as Type, TLP, CTIX Confidence Score, and more. For more information, see Key Details.

  • Sources: View the list of sources that reported the threat data object. You can view the Source name and Source Confidence score based on the Source Modified date, which enables you to stay informed on the latest source modifications. For more information, see Analysis.

  • Enrichment: View the list of enrichment details. You can view the tools used for enrichment, the Enriched Date, and the Verdict provided by each enrichment tool. For more information, see Enrichment.

  • Relations: View the relationships of the threat data objects. For more information, see Relations.

  • Action Taken: View the list of actions performed on the threat data object. You can view Actions performed and Tools used to perform the action based on the Actioned Date. For more information, see Action Taken.

  • Tasks: View the list of tasks assigned to the analysts to perform on the threat data object. You can view the task Name, Assignee, and Status of the task. For more information, see Tasks.

  • Published Collections: View the list of collections to which the threat data object is published. You can view the collection name and the action used to publish the object to the collection based on the published date.

  • Killchain Phases: View the list of kill chain phases associated with the threat data object. You can view the kill chain name and the kill chain phase associated with the threat data object.

  • Custom Attributes: View the associated custom attributes, which provide additional information and more insights. You can view the Name and Value of the custom attributes. For more information, see Custom Attributes.

  • CVSS Score Details: View the list of CVSS scores reported from sources for a vulnerability. You can view the Source name, CVSS v2 Score, and CVSS v3 Score assigned by sources to the vulnerability.

  • Product Details: View the list of product details provided by sources for vulnerabilities. You can view the Source/Subscriber that reported this vulnerability, the Product Name, and the Product Version that was exploited through the vulnerability.

  • External References: View the list of external references associated with the threat data object provided by the source. You can view the External ID, Source, and URL to the external source.

Key Details

You can view the following aggregated details of the threat data object reported from various sources:

Note

The fields differ based on the threat data object and comply with STIX standards.

  • Value: View the object value of the threat data object. For example, Poison IVY.

  • Confidence Score: View the confidence score generated by the CTIX Confidence Score Engine. For more information, see Confidence Score. You can click More Actions to perform the following activities:

    • Click Refresh to view the latest confidence score.

    • Click Key Evidence to view the parameters that are considered to calculate the confidence score.

  • Type: View the type of the threat data object such as indicator, attack pattern, and more. For example, Indicator / SHA1.

  • TLP: View the highest TLP value that the source has reported for the threat data object.

  • Reported By Sources: View the various feed sources that reported this threat data object.

  • Source Created Date: View the date and time when the source first reported this threat data object.

  • Source Modified Date: View the date and time when the source last modified this threat data object.

  • System Created Date: View the date and time when the threat data object was created in the platform.

  • System Modified Date: View the date and time when the threat data object was last modified in the platform.