Map a Threat Exchange Business Rule to a Target
Map a Threat Exchange Business Rule to a Target
Write-access users can map a Threat Exchange business rule to a target. This section explains how to configure IoC sharing between the plugins (and therefore connected vendor systems). Make sure to identify the sharing requirements between systems in advance of configuration. The sharing filters (requires a business rule) allow for greater control over what data is shared with the plugin.
- Go to Threat Exchange > Sharing.
- Click Add Sharing Configuration.
- Select a Source Configuration, Destination Configuration, and Business Rule.
- Based on the selected Source Configuration, Destination Configuration list will be populated.
- Based on the selection of Destination Configuration, a list of Target will be populated. Select a Target that you want to map to the selected Business Rule.
- If the Target has some required parameters, user will need to add those.
- Click Save.
Adding a new sharing configuration will share the existing IoCs (matching business rule) of the Source Configuration to the Destination Configuration.
The sharing configuration is unidirectional by default: data obtained from one plug-in is shared with another plugged-in system. To achieve bi-directional sharing, configure both directions of sharing separately.
Note
Plugins that do not have API for ingesting data can not receive threat data. This is true of the installed plugin “API Source” which provides a bucket associated with an API endpoint for remote 3rd party systems to push data to.
