ThreatExchange Resharing Controls

All submissions to the ThreatExchange API allow for defining how the data can be reshared by its recipients. The level of resharing is applied via the share_level attribute.

You can specify the desired reshare setting on an object at the time of a create or edit submission to the API. While you can retroactively change resharing settings, those changes are not pushed as updates to members who have already accessed the data.

Resharing Options via share_level

The resharing definitions adopted by ThreatExchange are derived from those definied in the US-CERT's Traffic Light Protocol. They have been adapted to accomodate the realities of re-sharing within large corporations with complex subsidiary relationships.

The exact definitions of the permitted values in the share_level attribute are defined in the ShareLevelType.

Set Resharing (Examples)

The following examples are submissions of a new malicious domain to ThreatExchange. In each example, we define which resharing level is permitted.

Specify Resharing Using the UI