Working on the Redaction Library

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Redaction is the process of replacing sensitive information from shared data to protect confidentiality during intelligence sharing.

    Before you begin

    Role required: sn_sec_tisc.admin

    About this task

    This feature allows the you to redact or replace sensitive or personalized information with specific values.

    Within the outbound intelligence sharing record, you can apply redaction library to automatically filter out specific attributes or content before the payload is generated.

    In Threat intelligence sharing, the sensitive information which is defined as redaction category values, and is replaced with the corresponding redaction category.

    This is especially useful when sharing data with external organizations, where only the relevant and non-sensitive information should be disclosed.

    By leveraging the Redaction Library feature, TISC administrators and analysts can define reusable redaction configurations and apply them consistently across multiple sharing templates.

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Select Administration icon on the workspace.
    3. Go to Outbound Intel Sharing.
    4. Select Redaction Library.
      The Redaction Library list view is displayed.
    5. Select New.
    6. On the form, fill in the fields.
      Field Description
      Redaction Category Specify the redaction category for the outbound intelligence sharing record.
      Status The status of the redaction category. By default, all the redaction categories are enabled. However, you can choose to disable a specific redaction category.
    7. Click Save.
    8. Go to Redaction Category Values section.
    9. Select New to create Redaction Category Value record.
      FieldDescription
      Redaction Category Indicates the redaction category.
      Few examples of Redaction Category are as follows:
      • IP Address (IPv4/IPv6)
      • Organization_Name
      • Domain Name
      • Email Address
      • Identification_Number
      Value Indicates the value that needs to be redacted.
    System Property for Redaction Library:
    Name Description
    sn_sec_tisc.case_sensitive_for_redaction This property enables or disables case sensitivity when applying redaction to shared intelligence.
    Default: Disabled (false), meaning redaction is case insensitive by default.
    Note:
    By default, this property is disabled making the redaction case insensitive. For example, Service_Now and service_now would both be redacted equally. Enabling it (true) means the redaction will only apply if the case matches exactly.
    1. Select Save.