Secure60 - Custom Tags:

Custom Tags are an advanced feature of Secure60 that enables powerful customisation of platform experience. Custom Tags can be used to configure a variety of platform features such as:

• Creating custom dynamic values for specific fields (For example adding your own Threat State stages to a Threat)
• Configuring system events to trigger on specific scenarios such as executing a notification or adding a Threat Note to a Threat

Secure60 - Custom Tag Definitions:

threat_

• This referes to fields of the Threat Object (Threat Detail)
• A range of fields are supported to be appended to the type (Eg threat_group) which will create values that show up in the dropdowns and reports related to that fieldname
  • group - Threat Group field is used to allow Threats to be placed into various groups (Eg L1 Support, L2 Support) so that resources can work on individual queues
  • state - Threat State field is used to classify the stage or progress of a Threat in its resolution (Last state is always Closed)
  • outcome - Threat Outcome field is used to define what type of Threat was identified. This may be used to classify threats into Malicious or Benign for example
• The value of the Tag can be any text string that will then be displayed in the dropdown

notification_

• Notifications will trigger when a specific object is updated with a specific value. This can send an email to an email address when the specific event happens
• The format of the type field is notification_ + object (Eg threat which will trigger on changes to Threats. Full type data is then: notification_threat)
• The value field of a notification has a specific format that allows the system to detect a match for a specific scenario
  • Example value data: {"component":"group", "value":"25", "email":"test@example.com"}
    • component is the fieldname that will be matched. This must be provided.
    • value is the contents of the fieldname that will be matched. This is optional.
    • email the email address that a notification will be sent to
• group - Targets the Threat Group field
• state - Targets the Threat State field
• All fields associated with an object are supported

threatnote_threat

• The system has the ability to automatically document key activities when resolving a Threat. This allows the Threat Timeline in a Threat object to be updated when key events occur.
• The format of the type field is threatnote_threat
• The value field of a notification has a specific format that allows the system to detect a match for a specific scenario
  • Example value data: {"component":"group", "value":"25"}
    • component is the fieldname that will be matched. This must be provided.
    • value is the contents of the fieldname that will be matched. This is optional.
• group - Targets the Threat Group field
• state - Targets the Threat State field
• All fields associated with an object are supported