Configuring Threat Intelligence External Sharing
Threat Intelligence external sharing in TISC outlines the guidelines and functionalities for both automated and sharing from GUI of threat intelligence within and across organizations. This feature focuses on key areas such as sharing exclusion rules, approvals, data retention, and auditing to confirm secure, compliant, and efficient intelligence sharing.
External Sharing of Threat Intelligence with Threat Intelligence Security Center (TISC)
Key features of external sharing of threat intelligence with TISC
- Sharing Templates: Templates allow control over which entities and fields are included in shared intelligence, ensuring only relevant data is disseminated.
- Approval Rules for Sharing: Administrators can configure approval rules for both outbound and inbound intelligence, enabling robust management of approval workflows.
- Redaction Capabilities: Analysts have the ability to redact sensitive information from shared intelligence, with easy options to toggle redaction on or off.
- Audit Capabilities: Every intelligence sharing action is audited, capturing details including the sender, recipient, timestamp, and shared content to ensure full compliance and traceability.
- Data Retention Policies: Shared intelligence and related audit logs are retained per compliance requirements, with defined rules for archival and destruction of various record types.
- TISC to TISC Exchange: Mechanisms for efficient, bi-directional intelligence exchange between Threat Intelligence Security Center (TISC) instances.
- User and Group Management for TAXII: Defines TAXII users and groups by managing their access to collections, and maintaining secure data exchange protocols.