Getting started with the Threat Library
The Threat Library is your personal database of threats to your organization. If Company Clusters are the things you are protecting, then the Threat Library is everything you are protecting them against.
The Threat Library has three different entity types, plus keywords and Threat Clusters. The entity types are:
Threat Clusters are logical groups of any combination of these, plus keywords.
Peter wants to track 'Cyber Threats from Russia'. So he creates a couple of threat cards, for example Threat Actor cards for 'Turla' and 'APT28' and a malware card for 'BlackEnergy', plus a couple of regex keywords to capture FSB and GRU in a cybersecurity context. He then creates a Threat Cluster called 'Threats from Russia' to bring them all together.
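One way to write a regex keyword like Peter's, shown as an added example that is not part of the original page or the product. It assumes Python `re` syntax (the product's regex dialect may differ), and the context vocabulary, the 80-character window and the sample sentences are all constructed for illustration.

```python
import re

# Acronyms stay case-sensitive and word-bounded so "gruesome" or "Gru" never match.
AGENCY = r"\b(?:FSB|GRU)\b"
# Assumed context vocabulary (not from the product), matched case-insensitively.
CONTEXT = r"(?i:\b(?:cyber\w*|hack\w*|malware|phishing|ransomware|espionage)\b)"
# Assumed proximity window: at most 80 characters, never crossing a line break.
GAP = r"[^\n]{0,80}?"

# Hit when an agency name and a context term appear close together, in either order.
KEYWORD = re.compile(rf"{AGENCY}{GAP}{CONTEXT}|{CONTEXT}{GAP}{AGENCY}")


def is_hit(text):
    """Return True if the text mentions FSB or GRU near a cybersecurity term."""
    return KEYWORD.search(text) is not None


def hits(lines):
    """Return only the lines the keyword would capture."""
    return [line for line in lines if is_hit(line)]


# Constructed sample sentences, not real reporting.
SAMPLES = [
    "Researchers attribute the phishing campaign to the GRU.",
    "The FSB-linked group deployed new malware last week.",
    "A gruesome hacking incident hit the city.",           # no agency acronym
    "The FSB announced new border rules on Monday.",       # no cyber context
    "Gru is the lead character; one critic called the plot a hack job.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("HIT " if is_hit(line) else "skip", line)
```

Matching the bare acronyms alone would capture the fourth sample as well; the context requirement is what keeps non-cyber news about either agency out of the cluster.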
You can find your Threat Library in and in the .