Analysis
The Analysis tab allows you to perform detailed analysis based on the Source Details and provide additional information and insights about the threat data object in the Analyst Details.
Analyst Details
You can perform the following actions on the threat data object based on your analysis:
TLP: Select a TLP value from RED, AMBER, GREEN, WHITE, NONE. By default, the TLP value is the same as the highest value reported by the source.
Analyst Score: Enter the analyst score based on your analysis ranging from 0 to 100.
Custom Score: Enter the custom scores to associate with the threat data objects. For more information, see Configure Custom Scores.
Alias: Enter custom aliases for Threat Actor, Malware, Attack Pattern, Campaign, Infrastructure, Intrusion Set, and Tool object types.
Analyst Description: Add a description based on your analysis to provide more information and insights on this threat data object. You can also generate descriptions using AI-Assist. For more information, see Generate Analyst Description using AI Assist.
Source Details
You can view the following details:
Source name: View the different sources that reported this threat data object.
Note
You can view the latest occurrence per source collection that reported the threat data object.
Source Description: View the description provided by the source. You can click More Actions and select to enable HTML view or fang-defang the IOCs present in the description.
Note
You can extract intel from the source descriptions for the report object type. For more information, see Extract Intel from Report Description.
Custom Score: View the default custom scores configured for feed sources. For more information, see Configure Custom Scores.
Collection: View the source collection name in which the intel is received.
Tags: View the source tags associated with the threat data object.
Killchain Phases: Shows the associated kill chain phase and kill chain name.
Custom Attributes: Shows the additional information about the threat data object provided by the source.
External References: Shows the external references provided by the source.