ThreatExchange UI Descriptors Tab

See also

Information on column/attribute names.

You have multiple ways to search for ThreatDescriptors (and more to come -- see status here):

Search results are rendered as a table. You can view (or clone) ones you do not own, or edit ones you do:

Details are shown in a popup:

Downloading results

You can download query results as CSV or JSON:

Note that bulk upload is a to-be-implemented item (see status here).

Creating

Using the Create button you can upload a new descriptor, with tooltips to provide context:

Note : If you set a descriptor's privacy to has-whitelist and include no whitelist apps, the owner's app is automatically included. This is a "visible to self" or "storage mode" option.

Bulk uploading

Both CSV and JSON formats are supported.

To see the list of required columns, you can use the following CSV example.

td_description,td_status,td_confidence,td_severity,td_share_level,td_indicator_type,td_raw_indicator,td_visibility,td_subjective_tags,td_whitelist_apps Testing upload,NON_MALICIOUS,100,INFO,AMBER,URI,http://evilevil.biz,HAS_WHITELIST,testing, Testing upload,NON_MALICIOUS,100,INFO,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb001,HAS_WHITELIST,pwny;testing, Testing upload,NON_MALICIOUS,100,INFO,GREEN,HASH_MD5,e8b19da37825a3056e84c522f05eb002,VISIBLE,testing, Testing upload,UNKNOWN,100,INFO,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb003,HAS_WHITELIST,testing, Testing upload,NON_MALICIOUS,100,UNKNOWN,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb004,HAS_WHITELIST,testing, Testing upload,UNKNOWN,100,INFO,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb005,HAS_WHITELIST,testing, Testing upload: 7 of 10,NON_MALICIOUS,77,INFO,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb006,HAS_WHITELIST,testing, Testing upload,NON_MALICIOUS,100,INFO,AMBER,URI,http://testing.testing.testing.org,HAS_WHITELIST,testing, Testing upload,NON_MALICIOUS,100,INFO,AMBER,HASH_MD5,e8b19da37825a3056e84c522f05eb009,HAS_WHITELIST,testing, Testing upload,NON_MALICIOUS,100,INFO,RED,HASH_MD5,e8b19da37825a3056e84c522f05eb007,HAS_WHITELIST,testing,

Alternatively, you can simply save any descriptor-query result to CSV and use that as a template (and likewise for JSON).

Start by selecting the Bulk Upload button:

Select your file:

If you wish to revise your data before committing you can do so:

If there are errors detected before committing you'll be notified, and you can revise them. (Note that not all possible errors are surfaced here.)

Within the revision dialog you can fix the errors and hit OK to continue:

Once you hit the Confirm Upload button, your new descriptors are saved and their IDs are entered into the search bar. At that point, you can further revise them if you like.

The following screen recording shows the revise-before-upload feature in more detail:

Something Went Wrong
We're having trouble playing this video.

Editing

When you click Edit you are able to mutate all editable attributes, with tooltips to provide context. (Note: reactions and connections are not exposed yet in the UI -- see status here.)