Getting started with the Threat Library
The Threat Library is your personal database of threats to your organization. If Company Clusters are the things you are protecting, then the Threat Library are all the things you are protecting them against.
The Threat Library has three different entity types, plus keywords and Threat Clusters. The entity types are:
Threat Clustersare logical groups of any combination of these, plus keywords.
Peter wants to track 'Cyber Threats from Russia'. So he creates a couple of threat cards: Threat Actors 'Turla' and 'APT28', for example, a malware card for 'BlackEnergy' and a couple of regex keywords to capture FSB and GRU in a cybersecurity context. He then creates a Threat Cluster called 'Threats from Russia' to bring them all together.
You can find your Threat Library in the sidebar and in the workbench.
Last updated