About workspaces

Private and public workspaces are containers that help you structure and organize objects under investigation, tasks, and collaboration efforts with team members and colleagues.

As your daily tasks and your workload expand and become more complex, you may want to introduce more structure to avoid drowning in a swamp of cryptic scribbled notes and dangling post-it messages.
Workspaces help you organize your workload to keep it manageable and efficient.

Workspaces are containers that hold things neat and tidy. They enable you to label and categorize your work, to isolate subsets of tasks and objects so that you can zero in on them with more focus and less noise, and to collaborate with team members and other colleagues by exchanging information, calls for action, requests, and so on.

Workspaces provide an easy access to the tools and the datasets you use in your daily work:

  • Threat overviews

  • Datasets

  • Graphs to visually examine threat relationships

  • Any relevant files you may want to check or keep ready at hand for reference

  • Comments and feedback from other colleagues, as well as tasks assigned to you or that you can assign to other workspace collaborators.

About workspace access control

Before inviting other Intelligence Center users to join a workspace and to become collaborators, it is a good idea to double-check their permissions.
Workspace collaborators should share identical or at least compatible sets of permissions as for the data sources and the TLP color they are granted access to.

If workspace collaborators have different levels of access to the Intelligence Center resources, it may reflect in their ability to view workspace objects: that is, they may not be able to all view exactly the same items in the workspace.
For example, if some workspace collaborators do not have access to a specific data source or to a TLP level, they may not be able to view any workspace entities belonging to that data source or flagged with that TLP color code.

This affects dataset and graph visibility as well: datasets and graphs inherit their access control rights from the workspace they belong to.
Only workspace owners and collaborators can access datasets and saved graphs that belong to a workspace.

Workspace types

Workspace types are labels that help you keep your work in order.
You can assign types to workspaces to categorize them, and to describe their scope and purpose.
This action does not affect workspace features and functionality. You can change the workspace type at any time.

  • Generic: a generic workspace is a one-size-fits-all container to collect structured, semi-structured, and unstructured information without any specific focus.
    It can be handy as a temporary space where you store information and files that you are organizing in a more structured way.

  • Case: a case workspace is a structured container to organize intelligence on a case basis, for example use cases, or to explore cyber threat scenarios.
    For example, you can create a case workspace to group together entities, datasets, file attachments, and any existing graphs concerning a specific cyber attack, or targeting a specific victim, or suspicious activity originating from an IP address range related to the same email address.

  • Team: a team workspace promotes collaboration and knowledge sharing.
    It is a repository for all the intelligence and the tasks a team works on in their daily practice.
    Tasks help organize and distribute workload among the team members, as well as keep track of progress.
    Comments make it easy to review and share feedback share comments.
    Only workspace collaborators can access files, graphs, and other data saved to the workspace.

  • Topic: a topic workspace can be as large and generic or as small and focused as you need.
    It helps you drill down on a very specific threat you want to investigate; or it can focus on a broader area of interest to group intelligence related to prevention, detection, or to threat assessment, or to gather information on equipment, actions, and individuals involved with an APT group.

Listed and unlisted workspaces

You can toggle workspace visibility and access rights to either allow only workspace collaborators to view and access them, or to enable any signed-in Intelligence Center user to access the workspace dashboard with summary information about the workspace and graphs or entities pinned to the dashboard.

This approach provides granular control over access to workspace datasets, graphs, and tasks: users can better manage who they share the data with, and organizations can ensure secure and confidential collaboration around sensitive data in the Intelligence Center.

Listed workspaces are partially public: any signed-in Intelligence Center user can view them on the workspace overview.
These users can view the workspace dashboard with basic information about the workspace. However, they cannot retrieve workspace assets such as saved graphs, datasets, file attachments, collaborator comments and tasks.
Only workspace collaborators can access the workspaces they are collaborators of to open, edit, and save graphs, upload and download file attachments, write comments, assign and pick up tasks.

Unlisted workspaces are private: only workspace collaborators can view and access them to retrieve assets such as saved graphs or file attachments.
Signed-in Intelligence Center user cannot view or access unlisted workspaces.

Workspace owners and collaborators

The user who creates a new workspace becomes by default the workspace owner.
Workspace owners and collaborators have the same read and write access rights to the workspace and its assets: they can open, edit, save, and delete graphs, datasets, and tasks they either created or are assigned to.