Fill Grouping Details
Grouping serves to organize and categorize information within the vocabulary, allowing producers to utilize custom vocabulary entries. This property is specifically designed to capture relationships between related data points, providing context and clarity to the information being analyzed. By effectively grouping relevant details, analysts can better identify patterns and trends that may indicate suspicious activities or threats.
The grouping details component contains the following:
- Basic Details
- Common Fields
- Custom Attributes
- Object Reference
- External References
Basic Details
Field Name | Required | Description |
---|---|---|
Name | Mandatory | Specify the name of the group. |
Description | Optional | Specify additional information about the group, such as its purpose and key characteristics. |
Context | Mandatory | A short descriptor of the particular context shared by the content referenced by the Grouping. |
Common Fields
Field Name | Description |
---|---|
Tags | Specify the tags for the group. |
TLP | Specify the TLP of the group, such as RED, AMBER, GREEN, WHITE, and NONE. |
Confidence | Specify the confidence score for the group. |
Custom Scores | This field allows for the assignment of scores to threat data objects based on factors that influence the lifecycle of indicators of compromise (IOCs), such as relevance, severity, and risk. Custom scores aid analysts in prioritizing their analysis, guiding actions, and facilitating the sharing of threat intelligence. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
---|---|
Add Custom Attribute | Specify additional information that helps improve the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. |
Object Reference(s)
Field Name | Description |
---|---|
Select SDO Type | Specify the STIX Objects that are referred to by this STIX component. |
External References
Field Name | Description |
---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |
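The following is an added example, not part of the CTIX documentation or product code: a sketch of how the fields above could map onto a STIX 2.1 Grouping object, with the page's mandatory fields checked before the object is built. The form keys (`name`, `tags`, `hash_type`, and so on) and the field-to-property mapping are assumptions; the property names, the 0-100 confidence range and the TLP marking ids come from STIX 2.1.

```python
import uuid
from datetime import datetime, timezone

# STIX 2.1 predefined TLP marking-definition ids; NONE adds no marking.
TLP = {"WHITE": "613f2e26-407d-48c7-9eca-b8e91df99dc9", "GREEN": "34098fce-860f-48ae-8e50-ebd3cc5e41da",
       "AMBER": "f88d31f6-486f-44da-b317-01333bde0b82", "RED": "5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "NONE": None}
# grouping-context-ov is an open vocabulary, so other values warn instead of failing.
CONTEXTS = {"suspicious-activity", "malware-analysis", "unspecified"}
# Constructed sample input; the form keys and the ids are made up for this example.
SAMPLE = {"name": "Phishing wave", "context": "suspicious-activity", "tlp": "amber",
          "confidence": 70, "tags": ["phishing"],
          "object_refs": ["indicator--11111111-1111-4111-8111-111111111111"]}

def build_grouping(form):
    """Validate form values and return (STIX 2.1 grouping dict, warnings)."""
    warnings, ext = [], []
    errors = [f"{f} is mandatory" for f in ("name", "context")  # mandatory on the page
              if not str(form.get(f) or "").strip()]
    refs = form.get("object_refs") or []
    if not refs:  # object_refs is a required Grouping property in STIX 2.1
        errors.append("object_refs needs at least one STIX id")
    tlp = str(form.get("tlp", "NONE")).upper()
    if tlp not in TLP:
        errors.append(f"unknown TLP {tlp!r}")
    conf = form.get("confidence")
    if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
        errors.append("confidence must be an integer 0-100")  # STIX 2.1 range
    for r in form.get("external_references", []):
        e = {k: r[k] for k in ("source_name", "description", "external_id", "url") if r.get(k)}
        if "source_name" not in e or bool(r.get("hash_type")) != bool(r.get("hash_value")):
            errors.append("external reference needs source_name and a complete hash pair")
        elif r.get("hash_type"):
            e["hashes"] = {r["hash_type"]: r["hash_value"]}
        ext.append(e)
    if errors:
        raise ValueError("; ".join(errors))
    if form["context"] not in CONTEXTS:
        warnings.append(f"context {form['context']!r} is outside grouping-context-ov")
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    obj = {"type": "grouping", "spec_version": "2.1", "id": f"grouping--{uuid.uuid4()}",
           "created": now, "modified": now, "name": str(form["name"]).strip(),
           "context": form["context"], "object_refs": list(refs)}
    marking = [f"marking-definition--{TLP[tlp]}"] if TLP[tlp] else None
    optional = {"description": form.get("description"), "labels": form.get("tags"),
                "confidence": conf, "created_by_ref": form.get("created_by_ref"),
                "revoked": form.get("revoked"), "external_references": ext,
                "object_marking_refs": marking}
    obj.update({k: v for k, v in optional.items() if v is not None and v != []})
    return obj, warnings
```

All validation errors are collected and raised together, so a submitter sees every missing or malformed field in one pass.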