Traffic Light Protocol (TLP)
Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Data Controls - Edit TLP, See the Interdependent Permissions topic.
Traffic Light Protocol (TLP) schema provides a set of labels used to ensure that sensitive information is shared with the appropriate audience. ThreatQ provides a method for designating the availability of intelligence information by their sources. Users can also use TLP schema to filter objects when creating an export - see the Adding an Export section in the Managing Exports topic for more details.
Administrators have the ability to configure TLP visibility settings for the ThreatQ application.
Labels
TLP employs the following light icons to indicate the expected sharing boundaries for data:
| Light | Label | Description |
|---|---|---|
 |
Red | Not for disclosure, restricted to participants only. |
 |
Amber+strict | Limited disclosure, restricted to participants’ organization. |
|
Amber | Limited disclosure, restricted to participants’ organization and its clients. |
 |
Green | Limited disclosure, restricted to the community. |
 |
Clear | Disclosure is not limited. |
TLP Assignment Hierarchy
The ThreatQ TLP assignment hierarchy is as follows (highest to lowest precedence):
| Method | Details |
|---|---|
| Manually Set | Using the Add New Source option when creating an object will allow you to select a TLP label. |
| Source Provided Data | TLP label received from ingested data. |
| Source Default | Administrators can set a source's default TLP label. See the Add TLP to Source section. |
| No TLP | A TLP label has not been set for the source. |
Access TLP Settings
Users can manage TLP settings for system sources by accessing the TLP tab under the Data Controls page.
- From the navigation menu, click on Threat Library and select TLP under the Data Controls heading.
The Data Controls page will load with TLP tab selected by default.
Configure TLP Visibility
System administrators can set visibility settings to either hide or show TLP labels to users. Enabled indicates that TLP labels are visible to users.
- Click the Enabled/Disabled toggle.
You do not need to click the Save button. Changes to the Enabled/Disabled status are made immediately.
Apply a TLP Label to Source
- Locate the source to update from the list provided.
You can use the Filter by Source Name field to locate the desired source.
- Click on the TLP dropdown to the right of the source and select the appropriate TLP label.
- Click Save.
You can override a source-default TLP label when manually adding a source to an object. See the Adding a Source to an Object topic for more details.