Add and Manage Threats

You may find that the Threat Community does not have the threat you are looking for, or that your organization wants to monitor for specific indicators. You can add your own threats, or copy and edit existing threats to suit your needs.

Add Your Own Threat

To add your own threat:

  1. In your Threat Feed, select Add Threat in the top right corner.
  2. A panel will appear on the right. Name your threat, add indicators, upload relevant files, and choose the level of access for the threat.
    • Manually enter indicators or upload indicators from an external source. InsightIDR supports CSV and STIX XML at this time.
  3. Decide whether this threat will be private or public. Threats are private by default.
  4. Click Save.

Manage Threats

You can copy public or owned threats. You can then edit them to suit your needs, if desired.

To do so:

  1. Click View on a threat from the threat feed.
  2. In the upper-right corner, select Copy.
  3. The page will reload and show the new threat, titled "Copy of [Original Threat Name]".
  4. To edit the threat, select the Pencil icon. You can edit all of the fields of the threat to add or remove data at will.

You can also export threat data in the form of a CSV file.

To do so:

  1. Click View on a threat from the threat feed.
  2. In the upper-right corner, select Export.
  3. The file will download.