WEBVTT

1
00:00:10.760 --> 00:00:19.978
Traffic Light Protocol, referred to as TLP, provides a set of designations used to ensure that sensitive information is shared with the appropriate audience.

2
00:00:20.478 --> 00:00:25.859
ThreatQ provides a method for designating the availability of intelligence information by its source.

3
00:00:26.526 --> 00:00:31.239
From the object details page, you can view the object and attribute source designations.

4
00:00:31.823 --> 00:00:35.160
You can filter Threat Library results by TLP designations.

5
00:00:35.535 --> 00:00:39.581
You can also use TLP designations to filter data when building exports.

6
00:00:41.041 --> 00:00:44.502
By default, TLP designations are not visible to users.

7
00:00:45.003 --> 00:00:51.051
TLP visibility can be enabled from the TLP page which can be found under the Threat Library dropdown menu.

8
00:00:51.885 --> 00:00:56.431
You can enable TLP viewing by clicking on the TLP Visibility toggle switch.

9
00:00:57.182 --> 00:01:02.645
Setting the toggle switch to enabled will allow users to view TLP designations throughout the platform.

10
00:01:03.438 --> 00:01:09.486
ThreatQ supports TLP 2.0 and offers six different designations that are identified by color.

11
00:01:10.070 --> 00:01:14.449
Red marks information as not for disclosure and restricted to participants only.

12
00:01:14.741 --> 00:01:20.455
Amber Strict marks information as limited disclosure and restricted to the participant’s organization.

13
00:01:21.122 --> 00:01:27.295
Amber marks information as limited disclosure and restricted to the participant’s organization and its clients.

14
00:01:28.421 --> 00:01:32.509
Green marks information as limited disclosure and restricted to the community.

15
00:01:33.009 --> 00:01:36.471
And Clear marks information as disclosure is not limited.

16
00:01:37.597 --> 00:01:40.767
There are several ways to set a TLP designation for a source.

17
00:01:41.434 --> 00:01:47.107
On the TLP tab, you can set default designations for a source using the dropdown menus provided.

18
00:01:47.982 --> 00:01:53.696
It’s important to note that this setting will only be applied to objects created after setting this option.

19
00:01:54.322 --> 00:01:59.244
Setting the default TLP will not update the TLP designations for existing objects.

20
00:02:02.038 --> 00:02:09.379
You can manually change the TLP designation for a source of a single object by clicking on the source on the object’s details page.

21
00:02:18.471 --> 00:02:23.101
You can also set a TLP Designation when using the add new source feature.

22
00:02:23.852 --> 00:02:28.064
Or when selecting an existing source with no set TLP designation.

23
00:02:33.945 --> 00:02:37.532
The ThreatQ TLP Assignment Hierarchy is as follows.

24
00:02:38.449 --> 00:02:42.203
Starting with the lowest precedence is when a source has no default TLP.

25
00:02:42.579 --> 00:02:45.874
This is when a TLP designation has not been set for a source.

26
00:02:46.291 --> 00:02:52.005
Next is Source Default. This is when a source default has been set on the TLP management tab.

27
00:02:52.380 --> 00:02:57.802
Next is source provided data. This is when TLP information is received from ingested data.

28
00:02:58.303 --> 00:03:01.639
And Manually setting a TLP setting has the highest precedence.

29
00:03:02.056 --> 00:03:13.359
This occurs when a user utilizes the add new source option and selects a TLP designation or manually selects a TLP designation for an existing source with no default TLP.

30
00:03:15.612 --> 00:03:25.079
To update TLP designations for multiple existing objects, you can run an artisan command to update your system to match TLP defaults set on the TLP page.

31
00:03:25.413 --> 00:03:31.586
Specifically attributes and sources that were added to the threat library prior to your organization using TLP.

32
00:03:32.295 --> 00:03:40.970
Exercise caution when using this command as it will override previously saved TLP configuration settings, including ones set by users.

33
00:03:41.554 --> 00:03:46.768
This command can be found under the Command Line Interface section on the ThreatQ Help Center.

34
00:03:47.393 --> 00:03:55.944
You can also run another artisan command to update all object and attribute sources that have TLP settings stored as an object attribute.

35
00:03:56.569 --> 00:04:03.409
This is commonly used when importing or migrating data which has TLP attributes but no default TLP setting.

36
00:04:04.118 --> 00:04:10.041
This command can also be found under the Command Line Interface section on the ThreatQ Help Center.