Current ThreatQ Version Filter
 

Malware

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions

Note: If a user has View Only permission for Sources, system object creation modals default to the user’s login as the object source.

Malware, short for malicious software, targets devices, services, and networks with the intent to gain unauthorized access or damage a network or programmable device.    

Use the steps below to create, edit and delete a Malware object.  

Adding a Malware Object

  1. Go to Create > Malware.
    The Add Malware window is displayed.
    Add Malware dialog box
  2. Populate the following fields:
    Field  Description
    Name Add a malware name.
    Description Enter a brief description of the malware object.

    Any description you add during object creation defaults to a Source value of ThreatQ System.
    Status Optional field.  Click the Status field to assign a status to the malware object. 

    Malware statuses are configured in the Object Statuses tab in the  Object Management page.  If none are configured, this field is not displayed.
    Point of Contact Optional field. Click the field to select the ThreatQ display name of the point of contact for the malware object.
    Source Select a Source from the dropdown list provided.
    You can also click the Add a New Source option if the desired source is not listed in the drop-down list. If administrators have enabled TLP view settings, you can select a TLP label for the new source in the dropdown list provided. See the Traffic Light Protocol (TLP) topic for more information on TLP schema.
  3. Select any Related Objects you need to link to the Malware. This field is optional.
  4. Click Add Malware.

Adding Context

See the About Object Details section and its topics for details on adding context to an object such as adding sources, attributes, and related objects.

Editing a Malware Object

  1. Locate and click on the Malware.

    The Malware's detail page opens.
    Malware details page

  2. Click on Edit next to the Malware's name.

    The Edit Malware dialog box opens.
    Edit Malware dialog box

  3. Make the desired change to the Malware name and click Save Malware.

Changing the Point of Contact

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Objects, Individual Object Context & Actions - Point of Contact

  1. Locate and click the system object.
  2. From the object details page, click the Point of Contact field.
  3. Use the field's scroll or search option to locate and select a new user as the object's point of contact or to change the point of contact to Unassigned.

Deleting a Malware Object

  1. Locate and click on the Malware.

    The Malware's details page opens.
    Malware details page

  2. Click on the Actions menu and select Delete Malware.

    A confirmation dialog box appears.
    Deletion Confirmation dialog box

  3. Click on Delete Malware.