Graph API Version

ThreatExchange Re-sharing Controls

All submissions to the ThreatExchange API allow for defining how the data can be re-shared by its recipients. The level of re-sharing is applied via the share_level attribute.

The desired re-share setting on an object can be specified at the time of a create or edit submission to the API. While re-sharing settings can be changed retroactively, those changes will not be pushed as updates to members that have already accessed the data.

Re-sharing Options Via share_level

The re-sharing definitions adopted by ThreatExchange are derived from those definied in the US-CERT's Traffic Light Protocol. They have been adapted to accomodate the realities of re-sharing within large corporations with complex subsidiary relationships.

The exact definitions of the permitted values in the share_level attribute are defined in the ShareLevelType.

Setting Re-sharing Examples

The following is an examples are submissions of a new malicious domain to ThreatExchange. In each example, we define which re-sharing level is permitted.

Allowing Re-sharing to Anyone, Including Public Channels

POST https://graph.facebook.com/v2.8/threat_indicators?access_token=555|aSdF123GhK

  indicator=evil-domain.biz
  &type=DOMAIN
  &threat_type=MALICIOUS_DOMAIN
  &status=MALICIOUS
  &description=This%20domain%20was%20hosting%20malware
  &privacy_type=VISIBLE
  &share_level=WHITE

Limiting Re-sharing to Established, Non-public Channels

POST https://graph.facebook.com/v2.8/threat_indicators?access_token=555|aSdF123GhK

  indicator=evil-domain.biz
  &type=DOMAIN
  &threat_type=MALICIOUS_DOMAIN
  &status=MALICIOUS
  &description=This%20domain%20was%20hosting%20malware
  &privacy_type=VISIBLE
  &share_level=GREEN

Limiting Re-sharing to Select Members And Their Related Entities With A Need to Know

POST https://graph.facebook.com/v2.8/threat_indicators?access_token=555|aSdF123GhK

  indicator=evil-domain.biz
  &type=DOMAIN
  &threat_type=MALICIOUS_DOMAIN
  &status=MALICIOUS
  &description=This%20domain%20was%20hosting%20malware
  &privacy_type=HAS_WHITELIST
  &privacy_members=555
  &share_level=AMBER