Fill Note Details
A Note is used to convey additional context, analysis, or information that is not captured within the related STIX Objects, Marking Definition objects, or Language Content objects. It provides further insights and can be created by anyone, not just the original object creator.
For example, an analyst might add a Note to a Campaign object created by another organization, indicating that they have observed related posts on a hacker forum. Since Notes are often created by human analysts and consist of human-readable text, they include a property to identify the analyst(s) who authored the Note.
The note component contains the following:
Basic Details
Common Fields
Custom Attributes
Object Reference
External References
Basic Details
Field Name | Required | Description |
|---|---|---|
Opinion | Mandatory | The perspective held by the producer regarding all the STIX Object(s) referenced in the object_refs property. |
Authors | Optional | The name(s) of the author(s) of this opinion, such as the analyst(s) who created it. |
Explanation | Optional | A rationale for why the producer holds this opinion. For instance, if the opinion is strongly disagree, the explanation may include the reasons for the disagreement and the evidence supporting this stance. |
Common Fields
Field Name | Description |
|---|---|
Tags | Specify the tags for the opinion. |
TLP | Specify the TLP of the opinion, such as RED, AMBER, GREEN, WHITE, and NONE. |
Confidence | Specify the confidence score for the opinion. |
Custom Scores | This field allows for the assignment of scores to threat data objects based on factors that influence the lifecycle of indicators of compromise (IOCs), such as relevance, severity, and risk. Custom scores aid analysts in prioritizing their analysis, guiding actions, and facilitating the sharing of threat intelligence. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
|---|---|
Add Custom Attribute | Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the report. |
Object References
Field Name | Description |
|---|---|
Select SDO Type |
External References
Field Name | Description |
|---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |