
Soltra Edge Object Detail

Object Detail is a human-readable form of a STIX object. Soltra Edge shows the most commonly used attributes of the STIX schema in Object Detail. Use Object Detail to understand an object in more depth: where it is from, the time it was uploaded to your appliance, and the context around it, among many other options.

To access Object Detail, select “Search” from the top navigation bar.

 

Select any object from the Search page.

 

This page is a human-readable form of the object.

 

At the top of the page you see the “ID” of the object.

 

Below the object ID you see “Summary”.

 

“Summary” gives you “Title”, “Type”, and “Value”.

“Title” is the headline of the object.

“Type” may be an IP Watchlist, Domain Watchlist, File Hash Watchlist, etc.

“Value” is shown in Observables. It is the information the producer adds when creating the Observable, such as an IP address or a domain. It is up to the producer of the object to input the “Value” information that is displayed.

 

Below “Summary” you have “Description”.

 

“Description” shows a “Short” and “Long” description of the object.

The “Short Description” is a brief explanation, an elevator pitch, or an executive summary.

The “Long Description” is where you read the significance, meat of the story, or full details.

 

The last area on the left side of the page shows you Type, Title, and ID.

 

These are the technical details of the object which would be used in security infrastructure, like a SIEM.

 

Moving to the right side of the page you see the “About” area.

 

“About” shows you “Added by”, “On”, “TLP Color”, and “Tags”.

“Added by” shows who uploaded/created the object. In the screenshot above, we see “admin” uploaded the object.

“On” describes the moment the object was created, uploaded, or polled on the appliance.

“TLP Color” shows the TLP color of the object.

Notice the * next to the color. If you select this *, the “About” area expands, showing you “STIX TLP” and “AIS TLP”.

 

Hovering your mouse over the TLP color (“White” here) in the “TLP Color” field also displays a popup indicating that “This is the most restrictive TLP” over this information, which sets the sharing protocols for this particular object.

 

Multiple TLPs can apply to an object. The most restrictive is shown in STIX TLP, and that is the TLP color that is used for making access control decisions.
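The "most restrictive TLP wins" rule can be reproduced against a downloaded STIX 1.x XML file. The following is an added example, not Soltra Edge code: the sample package is constructed, and `may_share` with its `recipient_max_tlp` parameter and fail-closed handling of unmarked objects is a hypothetical, simplified policy.

```python
import xml.etree.ElementTree as ET

MARKING_NS = "http://data-marking.mitre.org/Marking-1"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Standard TLP ordering, least to most restrictive.
TLP_ORDER = ["WHITE", "GREEN", "AMBER", "RED"]

# Constructed sample: a STIX 1.x header carrying two TLP markings.
SAMPLE_XML = """<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:marking="http://data-marking.mitre.org/Marking-1"
    xmlns:tlpMarking="http://data-marking.mitre.org/extensions/MarkingStructure#TLP-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="example:Package-constructed-1" version="1.1.1">
  <stix:STIX_Header>
    <stix:Handling>
      <marking:Marking>
        <marking:Marking_Structure xsi:type="tlpMarking:TLPMarkingStructureType" color="GREEN"/>
      </marking:Marking>
      <marking:Marking>
        <marking:Marking_Structure xsi:type="tlpMarking:TLPMarkingStructureType" color="AMBER"/>
      </marking:Marking>
    </stix:Handling>
  </stix:STIX_Header>
</stix:STIX_Package>"""

def tlp_colors(xml_text):
    """Return every TLP color found in Marking_Structure elements."""
    root = ET.fromstring(xml_text)  # for untrusted feeds, prefer defusedxml
    colors = []
    for ms in root.iter("{%s}Marking_Structure" % MARKING_NS):
        if ms.get(XSI_TYPE, "").endswith("TLPMarkingStructureType"):
            color = ms.get("color", "").upper()
            if color not in TLP_ORDER:
                raise ValueError("unknown TLP color: %r" % color)
            colors.append(color)
    return colors

def most_restrictive(colors):
    """Pick the effective TLP; None means the object carries no TLP marking."""
    return max(colors, key=TLP_ORDER.index) if colors else None

def may_share(xml_text, recipient_max_tlp):
    """Hypothetical policy (assumption): unmarked objects are not shared."""
    effective = most_restrictive(tlp_colors(xml_text))
    if effective is None:
        return False
    return TLP_ORDER.index(effective) <= TLP_ORDER.index(recipient_max_tlp)
```

For the constructed sample, the GREEN and AMBER markings resolve to AMBER, so a recipient limited to GREEN is refused.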

 

“Terms and Conditions” is below “About”. The producer of the data is responsible for indicating any terms and conditions for the object polled/uploaded.

 

“Handling Caveats” allows the producer of the data to input a classification level for the object, such as “unclassified” or “FOUO”.

 

“Details” provides more detail about the object, such as “producer”.

 

“Matching Content” displays the IDs of similar content in your database.

 

The last area on the right side of the page is “Referenced By”. This area shows you other STIX objects that declare a relationship to the object.

 

Other Views

Object Detail also provides other views into the object.

HTML view shows you an exploded HTML view of the object and can show other attributes that are not shown on the human-readable view of the Object Detail page.

Select the blue “HTML” button at the top of the page, and be sure to select the “toggle all..” link on the page.

 

An XML version of the object is also provided. To download the XML of the object, select the blue “XML” button at the top of the page.

 

This will download the XML object to your downloads folder. You can open this and view it with any text editor.

 

The last view option on the “Object Detail” page is “Builder View”.

“Builder View” allows you to see, in a read-only mode, other attributes not displayed in the default “Object Detail” page.

To access “Builder View”, select the blue “Builder View” button at the top of the page.

 

You can edit an object that you created from the “Object Detail” page.

Select the orange “Builder Edit” button to display the edit page for your object.

 

Revoking an object you created is possible on the “Object Detail” page. To revoke an object, select the red “Create Revoke” button, and a revocation will be sent to anyone that is polling your feed and has this object in their system.

 

Tagging and Activity actions are displayed on the “Object Detail” page.

 

To learn more about Tags and Activity, please see the following documentation pages:

Tags - http://soltra.com/en/soltra-edge-settings/soltra-edge-tags/

Activity - http://soltra.com/en/soltra-edge-settings/soltra-edge-activity/

 

 

For more information, join the conversation in the Soltra Edge Forums at forums.soltra.com.