Threat Library
The Threat Command Threat Library is a researched, organized, searchable library about known threat actors, malware, and campaigns (cyberterms).
From the Threat Library page, you can find details on cyberterms and related information and see information in the TIP IOCs, Investigation, and IntelliFind pages.
Incident response teams and researchers can use the Threat Library to research and investigate, spot trends, and gain contextual intelligence regarding threats targeting geographic regions, including threat actor engagement and reconnaissance.
You can upload documents to existing cyberterms for your own, internal needs. This can turn the Threat Library into your internal knowledgebase of threat information.
Cyberterm tiles are sorted by most recent update date. The page above is also filtered by target sector.
You can search by company, industry, the trending threat actors, malware, and campaigns, and by names of attached files.
You can also filter by the following:
| To find threats that match this | Use this filter |
|---|---|
| Targeted sectors | Target Sector Select sectors (or General ). |
| Targeted country | Target Country Select countries (or Global) |
| A specific type of threat | Type Select Malware, Threat Actor, or Campaign. |
| Within a date range | Report Date Select the date range. |
| Geographic origin of the threat | Origin Select countries. |
| A specific TTP | TTP Select TTPs. |
| Threats that you have marked for monitoring | Monitored Select Show only monitored cyber terms. |
| Cyberterms related to specific MITRE techniques | MITRE Technique Select techniques. |
| Attachments | With Attachments Select to find only cyberterms to which attachments have been uploaded. |
When you filter, you'll see how many cyberterms match your filter. In the figure above, 151 cyberterms match the filter.
For your convenience, filters are persistent over sessions; the display will be filtered the same way until you change the filters.
Each cyberterm tle shows several overview details. To see the full details, click the cyberterm tile.
In addition to the obvious details, you can also see:
| Field | Description |
|---|---|
| Type |  campaign malware threat actor |
| Origin | Geolocation from where they operate |
| IntelliFind trend | The IntelliFind trend graph of mentions of this cyberterm |
| Monitoring | Turn monitoring on or off. When a cyberterm is being monitored, an email will be sent any time the term is updated. |
| Severity | The IntSights severity |
| Attachment | If an internal document is attached to the term. |
Monitored threats
Based on user settings in My Profile > Notifications, you can receive email notifications for new threats of specific severities.
When you monitor a specific cyberterm, you will also be notified for all changes about that cyberterm.
To turn monitoring on (or off):
- From the Threat Command main menu, choose TIP > Threat Library.
- Search for the cyberterm that you want to monitor.
The cyberterm is displayed:
- Click the monitoring icon to turn monitoring on (or off).
Upload documents to cyberterms
You can upload documents to existing cyberterms, and then preserve and manage that information within your own Threat Library knowledgebase.