LogoLogo
Get Demo
  • 💫NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • Microsoft Page View Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Integrating Microsoft Defender with Keepnet Phishing Reporter
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • 6. FAQ
  • ‌Q: Can I hide my identity when I post an incident to a community?
  • Q: How do I launch an investigation to assess the threat at my company?
  • ‌‌Q: Is it possible to invite someone from a company that is not currently a client to join a community?
  • Q: Where are shared incidents stored?
  • ‌Q: What is the reliability of shared posts/incidents?
  • ‌Q: Are shared threats/incidents/posts human-verified?
  • Q: Is there any limit to the number of posts that can shared in a community?
  • Q: Is it possible to leave a community of which I am the owner? Can I transfer ownership?
  • Q: What is the reliability of shared posts/incidents?
  • 7. Use Cases
  • Use Case: Keep details private when posting an incident to avoid exposing confidential information
  • Use Case: Limit membership to a community
  • Use Case: Find communities related to a particular industry or sector
  • Use Case: There are no communities related to my sector. What can I do?
  • Use Case: Searching for specific incidents in the threat sharing database
  • Use Case: Assessing the threat of an incident
  • Use Case: Using invitations to grow a community and improve security posture
  • Use Case: Ensuring and enhancing the value of a community for the owner and members
  • Use Case: Defining the purpose of a community
  • Use Case: What action can community members take in response to a posted incident?
  • Use Case: The community has lost its way. How can it be saved?

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform

Threat Sharing

PreviousStart Scan on Google Workspace Email AccountNextCommunities

Last updated 1 month ago

Was this helpful?

The Threat Sharing Community platform is an early warning system deployed across a network that provides inbox-level incident response and investigation capability, giving users maximum agility and reducing response time. Users have the ability to expand their threat intelligence reach by using their collective network knowledge, as well as reduce their costs and accelerate implementation of a response. Users can also preemptively initiate inbox investigations before suffering a malicious attack, which provides proactive protection. You can access the Threat Sharing module from the Dashboard > Threat Sharing.

6. FAQ

‌Q: Can I hide my identity when I post an incident to a community?

‌‌A: Yes. If you do not want to disclose your name and organization when , you can select the anonymous option offered in the preview section.

Q: How do I launch an investigation to assess the threat at my company?

A: When you see an incident posted and shared by a fellow member of a community, you can easily begin an investigation to determine potential risk to your firm by selecting the Investigate option. You will be prompted to add the criteria, target users, duration, and other details to be used as part of the investigation.

For more information, go to .

‌‌Q: Is it possible to invite someone from a company that is not currently a client to join a community?

‌A:‌ No. Community membership is limited to employees of organizations that have registered to the platform. Once an organization has registered, all registered users of that organization are eligible to participate, if they choose to do so.

For more information about invitations, go to Invitations or Invite New Members.

Q: Where are shared incidents stored?

A: Shared incidents will be maintained in the database

‌Q: What is the reliability of shared posts/incidents?

A: A user must accept terms and conditions before a post will be accepted in order to ensure maximum reliability of the shared information.

‌Q: Are shared threats/incidents/posts human-verified?

A: No, they are not verified. However, threat sharing communities are peer-to-peer networks formed and built on trust. This can be used to verify the posts/incidents.

Q: Is there any limit to the number of posts that can shared in a community?

A: No. You can share as many as you want to.

Q: Is it possible to leave a community of which I am the owner? Can I transfer ownership?

A: Yes. The owner of a community may transfer ownership to another member of the group. Select the name of the member to become the new owner, click on the three dots next to their name, and you have the option to Assign as Owner.

If you do not wish to assign a new owner, you also have the option to delete the community, however, please all posts and the data of the community will be erased.

Q: What is the reliability of shared posts/incidents?

A: A user must accept terms and conditions before a post will be accepted in order to ensure the maximum reliability of the shared information.

7. Use Cases

Use Case: Keep details private when posting an incident to avoid exposing confidential information

The best solution would be to post anonymously. The poster’s profile details – including the name of the individual and that of the organization - are withheld. It is also possible to select the attributes of the incident that will be visible or hidden in the Header field or Body or Attachment to provide additional confidentiality.

Use Case: Limit membership to a community

When setting up a community, the owner has a high degree of control about who can access and view that community information. The public, private, and hidden types of community offer different levels of disclosure and participation. Only public communities have unrestricted membership.

The owner of a private or hidden community has administrator rights and controls membership.

The name of a private community is displayed on the Communities homepage; however, membership is restricted.

Use Case: Find communities related to a particular industry or sector

The search option on the Communities page allows you to locate established groups in industries or sectors most relevant to your interests. For example, a user who works in financial services can search for communities concerned with banking, brokerage, investment banking, or private equity and, if the privacy options allow, become a member of those communities. It is also possible to search for industries and sectors according to the privacy option.

The Treat Sharing page also suggests communities that may be of potential interest.

Use Case: There are no communities related to my sector. What can I do?

If there are no existing communities of interest to join, this is an opportunity to create a new community for members of an unrepresented industry or sector.

This could be a great way to establish a presence for your community and become a thought leader within your industry or sector.

Use Case: Searching for specific incidents in the threat sharing database

The Incidents section offers several ways to search for a particular incident to determine if it may have already impacted your organization. The keyword, company, and threat fields can be used to filter the results.

This can provide excellent insights into past, present, and future threats to an organization, as well as guidance for targeted awareness training and to address any vulnerabilities in information security systems and networks.

Use Case: Assessing the threat of an incident

Community members can see which incidents are and have been considered the most harmful. The most dangerous attributes are flagged in the post, and members can immediately access the specific details and take the appropriate action for their organization.

Use Case: Using invitations to grow a community and improve security posture

Invitations are an invaluable way to expand and enrich communities. A large community has greater resources and expanded ability to improve cyber resilience. The member organizations will be better prepared for attacks based on the knowledge shared by others in the community.

There is no limit to the number of invitations to a public community, and all members may invite a colleague to join. The owner of a hidden or private community serves as a gatekeeper to membership and is the ultimate decision-maker of how many invitations are issued and to whom.

Use Case: Ensuring and enhancing the value of a community for the owner and members

The best way to make a community successful is the proactiveness of the membership, and in particular, the community owner. The larger the community, the more useful and valuable it will be for everyone, but the integrity and caliber of the membership provides additional strength, trust, and reliability.

Use Case: Defining the purpose of a community

The intended vision and goals of a community are provided when it is created and serve as a guide to activities and membership.

Use Case: What action can community members take in response to a posted incident?

Users have a range of options to choose from in response to a posted incident according to their own organization’s cybersecurity protocols and incident response procedures. Valuable information is provided related to both actual and potential threats and may be used according to individual needs.

Use Case: The community has lost its way. How can it be saved?

Priorities always change in an organization, and the same is true in the threat sharing world of communities. If the owner of a community no longer feels that it is functional, relevant or the purpose no longer exists, then the community can be deleted, and all incidents reported and which members were part of it will be destroyed as well.

💫
posting an incident
How to Edit, Investigate, Share, or Delete an Incident