
Event Types

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Manage Object Sub-types

The Event Types page allows you to view, add, edit, and delete system Events.

Event Types provided by ThreatQ cannot be edited or deleted, but you can add, edit, and delete your own custom event types.

System provided Event Types include:

  • Anonymization
  • Command and Control
  • Compromised PKI Certificate
  • DoS Attack
  • Exfiltration
  • Spearphish
  • SQL Injection Attack
  • Watchlist
  • Watering Hole

Viewing Event Types

  1. Navigate to Settings > Object Management.

    The Object Management page opens.

  2. Click the Event Types tab.

    The Event Types tab opens.

Event Types Table Functions:

| Function | Description |
|---|---|
| Changing the number of entries displayed in the table | Click the dropdown menu at the top right of the table and select the desired option. |
| Filter table by Event Type | Enter a keyword in the text field provided to filter the table by event type. |
| Sort table by Total Events | Click the Total Events column header to sort the table in ascending/descending order. |
| Sort table by Total Indicators | Click the Total Indicators column header to sort the table in ascending/descending order. Clicking on the value will open the Threat Library filtered to indicators linked to the event type as a related object. |

User-created Event Types have an Edit link located to the right of the Total Indicators value. Clicking the Edit link opens the Edit Event Type dialog box.

Adding an Event Type

  1. From the main menu, select Settings > Object Management.

    The Object Management page opens to the Indicator Statuses tab.

  2. Click the Event Types tab.

    The Event Types tab opens.

  3. Click Add New Event Type.

    The Add Event Type dialog box opens.

  4. Enter an Event Name.
  5. Click Add Type.

Editing an Event Type

You can edit user-generated event types.  

You cannot edit an Event Type provided by ThreatQ.

  1. Navigate to Settings > Object Management.

    The Object Management page opens to the Indicator Statuses tab.

  2. Click the Event Types tab.

    The Event Types tab opens.

  3. Determine the Event Type you want to edit and click Edit in the far right column.

    The Edit Event Type dialog box opens.

  4. Enter a new Event Name.
  5. Click Save Changes.

Deleting an Event Type

You cannot delete an Event Type provided by ThreatQ.  Custom Event Types can only be deleted if there are no events using that event type.

  1. Navigate to Settings > Object Management.

    The Object Management page opens to the Indicator Statuses tab.

  2. Click the Event Types tab.

    The Event Types tab opens.

  3. Determine the event type you want to delete and select the corresponding checkbox in the first column.
  4. Click the Delete icon in the upper right-hand corner.

    A confirmation dialog box appears.

  5. Click Delete Types.