Current ThreatQ Version Filter
 

About Events

Events are objects that focus on temporal incidents that have significant security impact.

Use the steps below to create, edit and delete an Event.

Adding Events

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions

Note: If a user has View Only permission for Sources, system object creation modals default to the user’s login as the object source.

  1. Go to Create > Event.
    The Add Event window is displayed.
    Add Event Window
  2. Populate the following fields:
    Field  Description
    Type Click this field to select the event type from the dropdown list.
    Source Select a Source from the dropdown list provided.
    You can also click the Add a New Source option if the desired source is not listed in the drop-down list. If administrators have enabled TLP view settings, you can select a TLP label for the new source in the dropdown list provided. See the Traffic Light Protocol (TLP) topic for more information on TLP schema.
    Status Optional field.  Click the Status field to assign a status to the event. 

    Event statuses are configured in the Object Statuses tab in the  Object Management page.  If none are configured, this field displays a value of None.
    Point of Contact Optional field. Click the field to select the ThreatQ display name of the point of contact for the event.
    Date of Occurrence/Time/Time Zone Use these fields to add the date and time of the event.
    Title Add an Event Title.
    Description Enter a brief description of the event.

    Any description you add during object creation defaults to a Source value of ThreatQ System.
  3. Select any Related Objects you need to link to the event. This field is optional.
  4. Click Add Event.

Adding Context

See the About Object Details section and its topics for details on adding context to an object such as adding sources, attributes, and related objects.

Editing Events

The Edit Even window allows you to update an Event's title, type and date.  You can also update the Event's point of contact, status and type by clicking the corresponding fields located in the top-right of the Event's Object Details page.

  1. Locate and click on the event.

    The Event Details page opens.
    Event Details Page

  2. Click on Edit next to the Event name.

    The Edit Event window is displayed.
    Edit Event Window

  3. Enter your changes.
  4. Click the Save Event button.

Changing the Point of Contact

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions - Point of Contact

  1. Locate and click the system object.
  2. From the object details page, click the Point of Contact field.
  3. Use the field's scroll or search option to locate and select a new user as the object's point of contact or to change the point of contact to Unassigned.

Deleting Events

  1. Locate and click the event.
    The Events Details page opens.

    Event Details Page

  2. Click the Actions menu and select Delete Event.
    Action Menu - Delete Event

    A confirmation dialog box appears.
    Delete Event Confirmation

  3. Click the Delete Event button.