About TLP overrides
Override TLP overwrites the TLP color code associated with the feed entities with the one you set here.
The selected TLP value is assigned to all the entities in the feed.
You can override the original or the current TLP color code of an (uploaded) entity, an incoming feed, or an outgoing feed.
TLP overrides have precedence over the original entity TLP value.
TLP overrides always supersede the original TLP value assigned to an entity, regardless of the TLP override being more or less restrictive than the original TLP value.
About user overrides
User-defined override key/value pairs are stored in the meta field of an entity JSON data structure.
Override fields in the meta field have precedence over:
The corresponding original fields inside meta
Their corresponding override fields stored inside the sources field of an entity JSON data structure.
|
Affected parameter |
TLP color code |
|
Override field |
meta.tlp_color_override |
|
Superseded field(s) |
meta.tlp_color_original sources.tlp_color_override |
|
Description |
Stores the override value a user can manually define when editing an entity in the entity editor or inside the entity detail pane. |
User overrides
Users can manually override these attributes with a manual edit:
Source reliability
Half-life
TLP
Users cannot override timestamps.
Understanding entity overrides
Entity override actions can affect the originally ingested values of the following entity attributes:
Timestamp
Source reliability
Half-life
TLP
Aggregation override
When an entity refers to multiple sources, multiple values for an attribute are aggregated into one resulting value:
Source reliability, TLP, and half-life values depending on the a configuration settings.
Multiple values for these attributes are aggregated to produce a resulting value.
This aggregated value is applied to update the entity attributes.
Aggregation override affects the following entity attributes:
Source reliability
Half-life
TLP