User Guide - Configuration

Synapse Administrators can use the vertex-threat-intel Configuration Workflow to manage access (permissions) to the Power-Up and optionally configure certain default values.

../../_images/config_01.png

See the Admin Guide for additional information.

Grant Permission to the Power-Up

You can specify the roles and / or individual users who can use the Power-Up using the Add Role and Add User buttons respectively.

../../_images/perms_01.png ../../_images/perms_02.png

Set Default Options

You can optionally specify default values to use when certain nodes are created:

  • threat clusters (risk:threat nodes), and

  • tools (risk:tool:software nodes).

Tip

Click the Save button after making any changes to save your configuration.

../../_images/default_01.png

Default Reporting Organization Name

Enter the organization name that will be suggested as the reporter value when creating a threat cluster or tool (risk:threat:reporter:name or risk:tool:software:reporter:name):

../../_images/default_02.png

Tip

This value will be suggested (pre-populated with your specified name), but the user can modify it when creating the node:

../../_images/default_03.png

Default Tag Format for Threat Clusters or Tools

Enter a format string for the value that will be used as the tag property when creating a new threat cluster (risk:threat:tag):

../../_images/default_04.png

or tool (risk:tool:software:tag):

../../_images/default_05.png

Note

This value is the tag that analysts will apply to nodes associated with the threat cluster or tool.

The format can specify a combination of literal strings and Storm expressions. The “example” format strings shown above will create tags that combine the literal string rep with the value specifed for the reporter name (risk:threat:reporter:name or risk:tool:software:reporter:name) and the value specified for the attributed to value (for threats - risk:threat:org:name) or the name value (for tools - risk:tool:software:soft:name).

For example, creating a threat cluster with reporter vertex and attributed to vicious wombat will generate and set a tag value of rep.vertex.vicious_wombat.

Note

When the threat cluster or tool is created, the Workflow will set the :tag property and create the associated syn:tag node.

Type enforcement for syn:tag nodes applies - any dashes or spaces that appear within tag elements (e.g., vicious wombat) will automatically be converted to underscores (_).

If you use a default tag configuration, note that currently the default value cannot be modified when the new threat cluster or tool is created. Users can change the value later through the object’s DETAILS tab.