Intel Submissions is the process of adding or sharing new threat intelligence data such as, IOCs, tactics, techniques, procedures, threat actors, malware signatures, or vulnerability details for analysis, correlation, and distribution. This helps to detect, investigate, and respond to threats more effectively.
The Submissions by Users tab helps you to view and analyze all the incoming intel. You can view the submitted intel details, their severity (critical, high, medium, low) and filter the intel by specific date range that is last 1 day, last 7 days, last 1 month, last 3 months, and last 1 year.
Adding New Intel
To add new intel, Organization admins have to follow these steps:
- On the Seqrite Threat Intel portal, click Submissions by Users in the left pane.
- On the Submissions by Users page, click + Add Intel.
- Enter Incident Basic Details, that are Title, Incident Date, Intel Category and Description, and click Add IOC Manually.
- Enter IOC details that are, IOC Type, IOC Classification, IOC Volume, Severity, Deviec Type/Source, Adversary Name, Adversary Type, Tag, and click Add.
- If you want to review the intel before submission, click Save else click Submit.
The Add New Intel page is displayed.
This provision is also available to Organization Admins and Organization Analysts.
Bulk Upload of IOCs
You can upload multiple/bulk IOCs at once. You can download a CSV template, fill in IOC details and upload.
Note: Supported file type is .CSV only.
To bulk upload IOCs, follow these steps:
- On the Seqrite Threat Intel portal, click Submissions by Users in the left pane.
- On the Submissions by Users page, click + Add Intel.
The Add New Intel page is displayed. - Enter Incident Basic Details that are, Title, Incident Date, Intel Category, and Description and then click Bulk Upload IOC.
- Click Download CSV Template to download the template.
- Enter IOC details in the CSV file and upload the file.
The Bulk Upload IOCs screen is displayed.
Edit Intel
You can edit or delete intel and IOCs only while they are in draft stage.
To edit the intel, follow these steps:
- On the Seqrite Threat Intel portal, click Submissions by Users in the left pane.
- Click the intel with Draft status.
- Edit the details and click Submit.
- To edit the IOC, select the IOC you want to edit and click Edit.
- Edit the IOC details and click Update.
- To delete the IOC, select the IOC and click Delete.
The Edit Intel page appears.
Viewing the Submitted Intel
You can view the intel submissions details such as severity (Critical, High, Medium, Low) highlighted with the color codes, Sub ID (Submission ID), Intel ID, title, reported on, approved on, and the status in the tabular format.
To view the details of each intel, follow these steps:
- On the Seqrite Threat Intelligence portal, click Submissions by Users in the left pane.
- On the Submissions by Users page, select the intel and click the > icon.
- The intel submission details page displays the following details:
- Primary Information: For example, APT Category (Category, Name, Source IP, Description, APT Name, IOC Type, IOC Name)
- Linked IOCs and corresponding details.
Filtering the Submitted Intel
You can filter the intel submissions list to refine results based on submission ID, intel ID, submission title, reported on, approved on, and submission status.
To filter the intel submissions list, follow these steps:
- On the Seqrite Threat Intel portal, click Submissions by Users in the left pane.
- On the Submissions by Userss page click
. - Enter the details that are, submission ID, intel ID, submission title, reported on, approved on, and submission status and then click Apply.
The system displays filtered data.
Exporting Intel Submissions as a CSV
You can download all the intel submissions currently visible on the page in the CSV format.
To export/download intel submissions, follow these steps:
- On the Seqrite Threat Intelligence porta, click Submissions by Users in the left pane.
- On the Submissions by Users page click Export CSV.