Fill Incident Details
Incident objects represent cases composed of events and tasks as well as actual or potential impacts. An Incident SDO can be created before it is formally determined that the incident has an impact, as a way to logically track casework while investigating events or lower-level alerts.
The Incident object represents the current state of the incident or investigation while serving as an anchor point to record both related activities and the impact on an organization.
The incident component contains the following:
Basic Details
Common Fields
Custom Attributes
External References
Basic Details
Field Name | Required | Description |
---|---|---|
Name | Mandatory | Specify the name of the incident. |
Description | Optional | Specify a description that captures the key details of the incident. |
Common Fields
Field Name | Description |
---|---|
Tags | Specify the tags for the incident. Tags help group related information in CTIX. |
TLP | Specify the TLP (Traffic Light Protocol) marking of the incident, such as RED, AMBER, GREEN, WHITE, or NONE. |
Confidence | Specify the confidence score for the incident. |
Custom Scores | This field allows for the assignment of scores to threat data objects based on factors that influence the lifecycle of indicators of compromise (IOCs), such as relevance, severity, and risk. Custom scores aid analysts in prioritizing their analysis, guiding actions, and facilitating the sharing of threat intelligence. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
---|---|
Add Custom Attribute | Specify additional information that helps improve the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. |
External References
Field Name | Description |
---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |