Current ThreatQ Version Filter
Adversaries
Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions
Note: If a user has View Only permission for Sources, system object creation modals default to the user’s login as the object source.
An Adversaries is an individual or group that attempts to perform malicious actions against another individual or organization.
Use the steps below to create, edit and delete an Adversary.
Adding Adversaries
- Go to Create > Adversary.
The Add an Adversary window is displayed.
- Enter a name.
- Select a Source from the dropdown provided.
You can also click the Add a New Source option if the desired source is not listed in the drop-down list. If administrators have enabled TLP view settings, you can select a TLP label for the new source in the dropdown list provided. See the Traffic Light Protocol (TLP) topic for more information on TLP schema.
- Enter a description.
Any description you add during object creation defaults to a Source value of ThreatQ System.
- Select any Related Objects you need to link to the adversary. This field is optional.
- Click the Add Adversary button.
Adding Context
See the About Object Details section and its topics for details on adding context to an object such as adding sources, attributes, and related objects.
Editing Adversaries
- Locate and click the adversary.
The Adversary Details page opens.
- Click on Edit next to the Adversary name.
The Edit Adversary dialog box opens.
- Make the desired change to the Adversary name.
- Click the Save Adversary button.
Deleting Adversaries
- Locate and click the adversary.
The Adversary Details page opens.
- Click the Actions menu and select Delete Adversary.
A confirmation dialog box appears.
- Click the Delete Adversary button.