Threat Library
Threat Library is now a legacy experience
The Threat Library module's functionality is being replaced by the Campaigns and Threat Actors modules in the new Intelligence Hub platform. Threat Library will remain available to existing customers for the time being.
The Intelligence Hub > Threat Library is a researched, organized, searchable library about known threat actors, malware, and campaigns (cyberterms).
From the Threat Library page, you can find details on cyberterms and related information and see information in the IOCs (indicators of compromise), Investigation, and IntelliFind pages.
Incident response teams and researchers can use the Threat Library to research and investigate, spot trends, and gain contextual intelligence regarding threats targeting geographic regions, including threat actor engagement and reconnaissance.
You can upload documents to existing cyberterms for your own, internal needs. This can turn the Threat Library into your internal knowledgebase of threat information.
Cyberterm tiles are sorted by most recent update date. The page above is also filtered by target sector.
You can search by company, industry, the trending threat actors, malware, and campaigns, and by names of attached files.
You can also filter by the following:
To find threats that match this | Use this filter |
---|---|
Targeted sectors | Target Sector: Select sectors (or General). |
Targeted country | Target Country: Select countries (or Global). |
A specific type of threat | Type: Select Malware, Threat Actor, or Campaign. |
Within a date range | Report Date: Select the date range. |
Geographic origin of the threat | Origin: Select countries. |
A specific TTP | TTP: Select TTPs. |
Threats that you have marked for monitoring | Monitored: Select Show only monitored cyber terms. |
Cyberterms related to specific MITRE techniques | MITRE Technique: Select techniques. |
Attachments | With Attachments: Select to find only cyberterms to which attachments have been uploaded. |
When you filter, you'll see how many cyberterms match your filter. For your convenience, filters are persistent over sessions; the display will be filtered the same way until you change the filters.
Each cyberterm tile shows several overview details. To see the full details, click the cyberterm tile.
Additional details you can view are explained in the following table:
Field | Description |
---|---|
Type | The type of cyberterm, which will be a campaign, a threat actor, or malware. |
Origin | The geolocation from which the threat operates. |
IntelliFind trend | The IntelliFind trend graph of mentions of this cyberterm. |
Monitoring | Turn monitoring on or off. When a cyberterm is being monitored, an email will be sent any time the term is updated. |
Severity | The IntSights severity. |
Attachment | If an internal document is attached to the term, it is shown here. |
Monitored threats
Based on user settings in My Profile > Notifications, you can receive email notifications for new threats of specific severities.
When you monitor a specific cyberterm, you will also be notified of all changes to that cyberterm.
To turn monitoring on (or off):
- From the Threat Command main menu, choose Intelligence Hub > Threat Library.
- Search for the cyberterm that you want to monitor.
  The cyberterm is displayed.
- Click the envelope icon to turn monitoring on (or off).
Upload documents to cyberterms
You can upload documents to existing cyberterms, and then preserve and manage that information within your own Threat Library knowledgebase.