About Object Details
Default ThreatQ Role: Administrative, Maintenance, or Primary Contributor
Custom Role - Action Permissions: Objects & Context - Individual Object Context & Actions
You can click on an object within the ThreatQ application to access its details page. The Object Details page provides you with an in-depth look at an individual object. You can enter comments for others to view, link related objects, and view an audit log of all activity associated with the object.
Specific objects, such as Indicators, display additional information such as score, and expiration data.
Relationship Limits
If an object has more than 10,000 relationships from the same source, the Relationship Limit Reached banner is displayed at the top of the object details page until you close by clicking the X in the upper right corner or until you resolve the relationship limit issue.
In addition, the object’s Sources pane displays a relationship limit badge with a tooltip listing the source that exceeded the limit. Within the tooltip, you can click the source to access a Threat Library view filtered by the related to (object name) and relationship criteria (offending source).
| Object Details Page Legend | |||
|---|---|---|---|
| Header Section | |||
| Number | Field | Description | Reference |
| 1 | Edit Object Link | The Edit link allows you to edit specific details about an object. Edit fields will differ based on the type of object. | N/A |
| 2 | Score Selection* Applies to Indicators Only |
The Score Selection dropdown allows you to override an indicator's score set by the scoring algorithm. | |
| 3 | Score Summary* Applies to Indicators Only |
You can click on the icon to review the criteria utilized by the application's scoring algorithm to generate the Indicator's score. | |
| Point of Contact* Does not apply to Adversaries, Files, Indicators, Signatures, and Tasks |
The Point of Contact menu allows you to select the ThreatQ display name of the point of contact for the object. | ||
| 4 | Status* Does not apply to Adversaries, Files, Signatures, and Tasks |
The Status dropdown menu allows you to manually set the status of an object. |
|
| 5 | Add to Watchlist | The Watchlist toggle button allows you to add and remove the object from the Watchlist widget. | |
| 6 | Expiration* Applies to Indicators Only |
The Expire link allows you to set an expiration date for the indicator, protect from auto-expiration policies, and remove an existing set expiration date. |
|
| Details Section | |||
| Number | Pane | Description | Reference |
| 7 | Attributes | The Attributes pane displays attributes associated with the object. You can Add, Edit, and Delete attributes found in this section. | |
| 8 | Sources | The Sources pane displays sources associated with the object. You can Add, Edit, or Remove sources. | |
| 9 | Tags | The Tags pane displays tags associated with the object. You can Add and Delete tags found in this section. | |
| 10 | Descriptions | The Descriptions pane allows you to add, update, or delete object information. | |
| 11 | Adversaries | The Adversaries pane displays adversaries associated with the object. | |
| 12 | Files | The Files pane displays files associated with the object and gives you the option to preview, download, and/or parse the file. If your browser does not support file preview for a specific file type, the file is downloaded instead.
You cannot preview a malware locked file. |
|
| 13 | Indicators | The Indicators pane displays indicators associated with the object. | |
| 14 | Tasks | The Tasks pane displays tasks associated with the object. | |
| 15 | Comments | The Comments pane allows you to record comments about the object for other users to read and reference. | |
| 16 | Operations | The Operations pane allows you to associate third-party attributes and related indicators to the indicator.
This option requires the installation of Operations. See the Managing Integrations topic for more details. |
|
| 17 | Orchestrator | Requires ThreatQ TDR Orchestrator. The Orchestrator pane lists the name of each TQO workflow that has processed the object and the workflow run timestamp. | |
| 18 | Audit Log | The Audit Log panel displays all actions and changes made to an Object. | |
| Left-Hand Navigation | |||
| Number | Field | Description | Reference |
| 19 | Actions Menu | The Actions menu lists the following options:
|
|
| 20 | Object Details Navigation Tabs | This allows you to jump to a particular pane on the Object Details page. | N/A |
* Indicates the object details page option is only available for specific object types.
Items marked with an * in the Object Details Page Legend indicate an option only available to specific object types.
| Object Details Page Legend | |||
|---|---|---|---|
| Header Section | |||
| Number | Field | Description | Reference |
| 1 | Edit Object Link | The Edit link allows you to edit specific details about an object. Edit fields will differ based on the type of object. | N/A |
| 2 | Score Selection* Applies to Indicators Only |
The Score Selection dropdown allows you to override an indicator's score set by the scoring algorithm. | |
| 3 | Score Summary* Applies to Indicators Only |
You can click on the icon to review the criteria utilized by the application's scoring algorithm to generate the Indicator's score. | |
| Point of Contact* Does not apply to Adversaries, Files, Indicators, Signatures, and Tasks |
The Point of Contact menu allows you to select the ThreatQ display name of the point of contact for the object. | ||
| 4 | Status* Does not apply to Adversaries, Files, Signatures, and Tasks |
The Status dropdown menu allows you to manually set the status of an object. |
|
| 5 | Add to Watchlist | The Watchlist toggle button allows you to add and remove the object from the Watchlist widget. | |
| 6 | Expiration* Applies to Indicators Only |
The Expire link allows you to set an expiration date for the indicator, protect from auto-expiration policies, and remove an existing set expiration date. |
|
| Details Section | |||
| Number | Pane | Description | Reference |
| 7 | Attributes | The Attributes pane displays attributes associated with the object. You can Add, Edit, and Delete attributes found in this section. | |
| 8 | Sources | The Sources pane displays sources associated with the object. You can Add, Edit, or Remove sources. | |
| 9 | Tags | The Tags pane displays tags associated with the object. You can Add and Delete tags found in this section. | |
| 10 | Descriptions | The Descriptions pane allows you to add, update, or delete object information. | |
| 11 | Adversaries | The Adversaries pane displays adversaries associated with the object. | |
| 12 | Files | The Files pane displays files associated with the object and gives you the option to preview, download, and/or parse the file. If your browser does not support file preview for a specific file type, the file is downloaded instead.
You cannot preview a malware locked file. |
|
| 13 | Indicators | The Indicators pane displays indicators associated with the object. | |
| 14 | Tasks | The Tasks pane displays tasks associated with the object. | |
| 15 | Comments | The Comments pane allows you to record comments about the object for other users to read and reference. | |
| 16 | Operations | The Operations pane allows you to associate third-party attributes and related indicators to the indicator.
This options requires the installation of Operations. See the Managing Integrations topic for more details. |
|
| 17 | Audit Log | The Audit Log panel displays all actions and changes made to an Object. | |
| Left-Hand Navigation | |||
| Number | Field | Description | Reference |
| 18 | Actions Menu | The Actions menu lists the following options:
|
|
| 19 | Object Details Navigation Tabs | This allows you to jump to a particular pane on the Object Details page. | N/A |