Update Malware
After the malware is added, you can access the malware from Menu > Malware. Search and click the malware title to open the malware. To get a quick overview of the malware, click Show Overview on the right. Overview displays some basic details of the malware, such as malware ID, created and last updated dates, labels added to the malware to categorize it, connected modules, and added notes. Use the following CFTR features to update the malware:
Summary: Displays the details of the malware, such as malware description, malware type, file type, and more.
Notes: Add notes about the actions performed on the malware.
Activity Logs: Displays a list of all malware updates.
Connect the Dots: Connect other CFTR modules that are related to the malware to gain contextual information. For more information, see Connect the Dots.
Threat Intel: Connect various indicator types that are related to the malware to gain contextual information.
Actions: Add actions for the tasks that are required for the malware. For more information, see Create Action.
PIRs: Add PIRs for the tasks that are required for the malware. For more information, see Create PIR.
Enhancements: Add enhancements for the tasks that are required for the malware. For more information, see Create Enhancement.
Attachments: Upload the external files that are related to the malware. For more information, see Add Attachments.
To update a malware, do the following:
Open a malware from the Malware listing page. The malware details page appears.
Hover the cursor over a field and click the Edit icon.
Update the field and click the Save icon.
To view the update history of a field, hover the cursor over a field and click the History icon.
Update Status of a Malware
To update the status of a malware:
Open a malware from the Malware listing page. The malware details page appears.
In the top-right corner, from the status drop-down list, select a status. A confirmation message appears.
Click Yes, Proceed.
Add Indicators
Under the Indicators tab, you can connect indicators that are related to the malware, such as domains, IP addresses, emails, URLs, and so on. To add indicators to a malware:
On a malware details page, click the Indicators tab.
In the Indicators section, click Connect Now. The Add Indicators page appears.
Select the indicator type from the left panel.
On the right panel, under the Update <indicator_type> section, enter the indicator details on separate lines.
Click Save.
The added indicators appear under the Indicators tab.
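Because indicators are entered one type at a time and one value per line, a mixed list from a report has to be split by type first. The following script is an added example, not part of CFTR or its documentation: it validates, de-duplicates, and groups a mixed list into one paste-ready block per type. The type labels are taken from the wording above and are assumed, not confirmed, to match the names in the left panel; the sample values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample input (documentation address ranges, example domains).
SAMPLE = """\
192.0.2.10
Example.COM
example.com
http://example.net/login.php
analyst@example.org
2001:db8::1
not an indicator
"""

# Two or more hostname labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")

def classify(value):
    """Return the indicator type label for one value, or None if unrecognized."""
    try:
        ipaddress.ip_address(value)          # accepts IPv4 and IPv6
        return "IP addresses"
    except ValueError:
        pass
    try:
        parts = urlsplit(value)
        if parts.scheme in ("http", "https", "ftp") and parts.hostname:
            return "URLs"
    except ValueError:
        pass                                 # e.g. malformed bracketed host
    m = EMAIL_RE.match(value)
    if m and DOMAIN_RE.match(m.group(1)):
        return "Emails"
    return "Domains" if DOMAIN_RE.match(value) else None

def group_indicators(raw):
    """Return ({type: newline-separated block}, [rejected values])."""
    groups, rejected = {}, []
    for value in (line.strip() for line in raw.splitlines()):
        if not value:
            continue
        kind = classify(value)
        if kind is None:
            rejected.append(value)           # review by hand; do not paste
            continue
        # Domain names are case-insensitive; lowercase so duplicates collapse.
        value = value.lower() if kind == "Domains" else value
        if value not in groups.setdefault(kind, []):
            groups[kind].append(value)
    return {k: "\n".join(v) for k, v in groups.items()}, rejected
```

Paste each returned block into the matching indicator type, and check the rejected values manually before adding them.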