Add and Manage Threats

You may find that the Threat Community does not have the threat you are looking for, or your organization wants to monitor for specific indicators. You can add your own threats, or copy and edit existing threats to suit your needs.

Add Your Own Threat

  1. On the Community Threats tab of the Detection Rules page, select Add Threat in the top right corner.
  2. A panel will appear. Name your threat, add indicators, upload relevant files, and choose the level of access for the threat.
    • You can manually enter indicators or upload indicators from an external source. InsightIDR supports CSV and STIX XML at this time.
  3. Decide whether this threat will be private or public. Threats are private by default. Making the threat public will publish it to the Threat Community feed.
  4. Click Save.
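Step 2 accepts indicators from a CSV or STIX XML file. The following is an added example, not code from the InsightIDR documentation or product: it pulls IP, domain and file-hash values out of a constructed STIX 1.x package, drops malformed entries, folds duplicates, normalises case, and renders the result as CSV rows. The STIX_SAMPLE, the `_ind` helper and the two-column kind,value CSV layout are assumptions made for this example; check the InsightIDR upload format before using the output.

```python
import ipaddress, re
import xml.etree.ElementTree as ET

def _ind(props):  # constructed helper: wrap CybOX Properties in a STIX 1.x Indicator/Observable
    return ("<stix:Indicator><indicator:Observable><cybox:Object><cybox:Properties>" + props +
            "</cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator>")

# Constructed sample package (not InsightIDR data); the namespace URIs are the real STIX 1 / CybOX 2 ones.
STIX_SAMPLE = ('<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" xmlns:indicator="http://stix.mitre.org/Indicator-2"'
    ' xmlns:cybox="http://cybox.mitre.org/cybox-2" xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"'
    ' xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1" xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"'
    ' xmlns:cyboxCommon="http://cybox.mitre.org/common-2"><stix:Indicators>'
    + _ind("<AddressObj:Address_Value>198.51.100.7</AddressObj:Address_Value>")
    + _ind("<DomainNameObj:Value>Bad.Example.NET</DomainNameObj:Value>")  # mixed case: must be normalised
    + _ind("<FileObj:Hashes><cyboxCommon:Hash><cyboxCommon:Simple_Hash_Value>"
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
           "</cyboxCommon:Simple_Hash_Value></cyboxCommon:Hash></FileObj:Hashes>")
    + _ind("<AddressObj:Address_Value>999.1.1.1</AddressObj:Address_Value>")     # malformed: must be dropped
    + _ind("<AddressObj:Address_Value>198.51.100.7</AddressObj:Address_Value>")  # duplicate: must be folded
    + "</stix:Indicators></stix:STIX_Package>")

# Fully qualified tags whose text carries an indicator value, mapped to the indicator kind.
VALUE_TAGS = {"{http://cybox.mitre.org/objects#AddressObject-2}Address_Value": "ip",
              "{http://cybox.mitre.org/objects#DomainNameObject-1}Value": "domain",
              "{http://cybox.mitre.org/common-2}Simple_Hash_Value": "hash"}
DOMAIN_RE = re.compile(r"^(?:(?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5 / SHA-1 / SHA-256

def valid(kind, value):  # True when value is syntactically usable as an indicator of the given kind
    if kind == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    return bool((DOMAIN_RE if kind == "domain" else HASH_RE).match(value))

def extract_indicators(stix_xml):  # normalised, de-duplicated (kind, value) pairs; malformed values skipped
    seen, out = set(), []
    for el in ET.fromstring(stix_xml).iter():
        kind = VALUE_TAGS.get(el.tag)
        if kind and el.text:
            value = el.text.strip().lower()
            if valid(kind, value) and value not in seen:
                seen.add(value)
                out.append((kind, value))
    return out

def to_csv(indicators):  # kind,value rows; validated values contain no commas or quotes, so no escaping needed
    return "".join(f"{kind},{value}\n" for kind, value in indicators)
```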

Manage Threats

You can copy public threats or threats you own, then edit the copies to suit the needs of your organization.

To do so:

  1. Click View on a threat from the threat feed.
  2. In the upper right-hand corner, select Copy.
  3. The page reloads showing the new threat, titled "Copy of [Original Threat Name]".
  4. To edit the threat, select the Pencil icon. You can edit all of the fields of the threat to add or remove data at will.

You can also export threat data in the form of a CSV file.

To do so:

  1. Click View on a threat from the threat feed.
  2. In the upper right-hand corner, select Export.
  3. The file will download.