Send Observables to TISC

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • Using this feature, a security analyst can push observable data from SIR to TISC. Using TISC Context, you can check whether the observables are present in TISC; if they are not, the security analyst can push the data whenever required.

    Before you begin

    Role required: sn_si.analyst

    Procedure

    1. Navigate to Workspaces > Security Incident Response Workspace > Security Incidents > All.
    2. Open a security incident.
    3. Select the Related Records tab to perform the TISC integration capability action.
      Note:
      • You can also navigate to the Investigation tab, go to the Entry Points Lists section displayed on the left side of the page, and select Associated Observables to perform the push operation.
      • On the Investigation tab, select View Related Info to view all the associated threat lookup, sighting search, and enrichment data for the selected observable. For more information, see Explore Investigation Canvas.
    4. For example, select Threat Intel > Associated Observables to perform the push operation and manually push the data into TISC.
    5. Select one or more observable records on which to perform the Send Observable to TISC operation.
      SIR Workspace - Send Observable to TISC
    6. Select Send Observable to TISC.
    7. On the Send Observables to TISC screen, provide the following:
      Table 1. Add information to TISC observables
      Field        Description
      Confidence   The confidence score for the observables.
      TLP          The TLP (Traffic Light Protocol) value for the observables.
      Notes        Notes for the observables.
      TISC Tags    Tags for the observables to send. You can add custom tags that are added to the observables.
    8. Select Send.
      Note:
      • If the selected observable isn't present in TISC, the observable is first created as an observable source. Once the source observable creates the TISC observable record, the observable record is automatically associated with the newly created observable.
      • Once the observable push operation is performed, an information message is displayed.
        Following observables are successfully pushed to TISC. 
        It may take sometime to reflect in TISC context tab. 
        0.0.0.0
      • If an observable already exists in TISC, an error message is displayed.
        The following observables already exist in TISC:
        0.0.0.0
      Send to TISC Push observable operation
    9. Select TISC Context.
      Note:
      • You will now see the observable that was pushed to TISC from the SIR application.
        View observables associated info.
      • In a manual push operation: Observable data can be pushed only if it is linked to a security incident. Once an observable is pushed from SIR, that data can be identified by its sources, which reference the security incident linked to the observable.
      • In an automatic push operation: The observable or enrichment data is pushed automatically when it is associated with a security incident.
        Note:
        The Send Observable to TISC option disappears once the automated flow is enabled.
      • TISC Context shows all the SIR-associated observables that are also present in TISC.
      • Using TISC Context, SIR analysts can see all the TISC enrichment data, including Threat Lookups, Sighting Search, and Observable Enrichment Results.
      • View Associated Info shows all the associated observable enrichment data for the selected observables.
    10. View the results.