ThreatExchange

ThreatExchange UI Overview

This guide describes what you can do with the ThreatExchange UI. See the ThreatExchange API Reference for a comprehensive list of the ThreatExchange APIs and the related endpoints.


ThreatExchange UI Use Cases

  • People at various organizations want to share information about threats: malicious URLs, harmful content hashes, malware signatures, and so on.
  • A threat indicator is the objective part: a file hash, a URL, and so on, with a type (MD5, SHA1, URL, and so on).
  • A threat descriptor contains an indicator and the subjective parts: how malicious a team thinks it is, when they first saw it, and so on.
  • Meta privacy revolves around user IDs, ThreatExchange revolves around app IDs. For example, app ID 1064060413755420 is Media Hash Sharing Test. These are generally of the form Team T at company C.
  • When people share threat data, they can specify who they want to see each datum. This is referred to as a visibility or privacy type.
    • Visible/public means all ThreatExchange members can see it.
    • Or, for each datum the members can create an app-whitelist of specific teams at specific companies.
    • Or, for each datum the members can specify a privacy-group that is simply a predefined list of app IDs.
  • People can tag their descriptors. These are tags in any other tool, except that ThreatExchange tags have their own metadata, including the subjective parts that descriptors have, and they also have their own visiblity (public/app-whitelist/privacy-group).
  • There's more about threat descriptors (review status and others in the API) and other types of data shareable on ThreatExchange. For the purpose of this walkthrough, we're focused on indicators, descriptors, visibility, and tags.

Find the UI

Navigate to https://developers.facebook.com/threat-exchange, below is an example program:


Search or Upload data using the UI

Navigate to the Signals tab (previously known as Descriptors tab)

Each upload is individually shown by owner, which can contain duplicate signals. Search behavior changes slightly when searching aggregate or individual uploads. The aggreggated view when toggled, aggregates opinions by signal.

Individual signals view

Aggregated signals view

Select the visible columns for the table

Upload new signals

Publish Data Using the UI

See the Submit Data page for examples.

Feedback

Contact threatexchange@meta.com with any and all feedback on how we can better enable your success in using ThreatExchange.


Learn more about the UI Reference.