Set half-life values

About half-life

Half-life represents the amount of time it takes for an entity, such as a threat, to lose half its intelligence value.
It corresponds to the number of days it takes for the intelligence value (the malicious potential) of a malicious entity to decay by 50%.

When configuring an incoming or an outgoing feed, you can set a half-life value in days for the following entity types:

  • Campaign

  • Course of action

  • Exploit target

  • Incident

  • Indicator

  • TTP

  • Threat actor

  • Report

To set a half-life for one or more of these entity types, do the following:

  1. Enter a numerical value in the entity property input field(s) you want to flag with a half-life value in days.

  2. To store your changes, click Save; to discard them, click Cancel.

About user overrides

User-defined override key/value pairs are stored in the meta field of an entity JSON data structure.
Override fields in the meta field have precedence over:

  • The corresponding original fields inside meta.

  • Their corresponding override fields stored inside the sources field of an entity JSON data structure.

Affected parameter: Half-life value (in days)

Override field: meta.half_life_override

Superseded field(s): meta.half_life_original, sources.half_life_override

Description: Stores the override value a user can manually define when editing an entity in the entity editor or inside the entity detail pane.
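
The precedence rule and the 50% decay described above, as an added example that is not part of the original documentation or the product's own code. The field names come from the page; the sample entity, the function names, the treatment of sources as a list, the order between the two superseded fields, the skipping of invalid values, and the exponential decay model are assumptions.

```python
import math

# Field names are from the page; the entity layout around them is constructed.
SAMPLE_ENTITY = {
    "meta": {"half_life_original": 30, "half_life_override": 7},
    "sources": [{"name": "feed-a", "half_life_override": 14}],
}

def _valid(value):
    """Accept only positive, finite numbers of days (bool excluded)."""
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and math.isfinite(value) and value > 0)

def resolve_half_life(entity):
    """Return (days, field_name) for the half-life that takes effect."""
    meta = entity.get("meta") or {}
    sources = entity.get("sources") or []
    if isinstance(sources, dict):  # tolerate a single source object
        sources = [sources]
    # meta.half_life_override supersedes both other fields (stated on the page).
    candidates = [("meta.half_life_override", meta.get("half_life_override"))]
    # Assumption: the page does not order the two superseded fields;
    # here a source-level override is tried before the original value.
    candidates += [("sources.half_life_override", s.get("half_life_override"))
                   for s in sources if isinstance(s, dict)]
    candidates.append(("meta.half_life_original", meta.get("half_life_original")))
    for name, value in candidates:
        # Assumption: an invalid value (0, negative, non-numeric) is skipped
        # rather than applied, so a bad override cannot break the decay.
        if _valid(value):
            return float(value), name
    return None, None

def remaining_value(initial, age_days, half_life_days):
    """Assumed exponential decay: the value halves every half_life_days."""
    if not _valid(half_life_days) or age_days < 0:
        raise ValueError("half-life must be positive and age non-negative")
    return initial * 0.5 ** (age_days / half_life_days)

if __name__ == "__main__":
    days, field = resolve_half_life(SAMPLE_ENTITY)
    print(field, days, remaining_value(100.0, 14, days))
```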