ThreatExchange UI Descriptors Tab


You have multiple ways to search for ThreatDescriptors (and more to come -- see status here):

Search results are rendered as a table. You can view (or clone) ones you do not own, or edit ones you do own:

Details are shown in a popup -- here is a descriptor owned by another app:


When you click Edit on a descriptor your app owns, you are able to mutate all editable attributes, with tooltips to provide context. (ID, indicator text, and indicator type are immutable after a particular descriptor is created.) Note: reactions and connections are not exposed yet in the UI -- see status here.

Downloading as CSV/JSON

You can download query results as CSV or JSON:

If you like, you can edit the CSV/JSON outside of the ThreatExchange UI and then re-upload the modified file to the ThreatExchange UI as one way of updating your data.


Using the Create button you can upload a new descriptor, with tooltips to provide context:

Note : If you set a descriptor's privacy to has-whitelist and include no whitelist apps, the owner's app is automatically included. This is a "visible to self" or "storage mode" option.

Uploading from CSV/JSON

Please see the Submitting Data page for file formats, examples, and more.