Define observable-observable relationships

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • Define relationships between observables.

    시작하기 전에

    Role required: sn_sec_tisc.analyst

    프로시저

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click on Threat Intel Library icon on the workspace.
    3. Go to Relationships > Observable-Observable.
    4. Click New.
    5. Complete the fields in the form as appropriate.
      FieldDescription
      Source Observable Select and define the source object.
      Target Observable Select and define the target object.
      Relationship Type A description that provides more details and context about the relationship type. The available options are:

      Define the relationship direction whether it is direct or inverse.

      • Inverse - This is the type of relationship between the observable and object.
      • Direct - This is the type of relationship between the object and observable.
      Basis For Correlation Name of the correlation rule based on which the system has identified as the related records of that observable. This rule is auto populated.
    6. Click Submit.