View TISC Context in SIR Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • View TISC Context under an incident in SIR workspace.

    Before you begin

    Role required: sn_sec_tisc.analyst, sn_sec_tisc.sir_enrichment_data_writer

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center > Threat Intel Library > Observables > All Observables.
    2. Select any observable(s) record.
    3. View the Source column.
      After the TISC Context is set in SIR, the source observables are linked to the security incident, and that link is displayed under the Source column.
    4. Alternatively, click on the pushed observable record, which will take you to the Enrichment Results section for the TISC records.
    5. View the Enrichment Results tab.
      The Enrichment Results tab displays the TISC integrations enrichment results.
      Note:
      • Because the enrichment data is in the context of the observable only, and not the security incident, the source is shown only as Security Incident Response.
      • The enrichment data generated from TISC has TISC as its source.
      • Use the Ingestion type column to identify whether the record was pushed manually or automatically.
      | Enrichment Name | Description |
      |---|---|
      | Threat Lookup Results | Lists all the associated threat lookup results for an observable enrichment record. |
      | Sightings | Lists all the associated sightings for an observable. |
      | Observable Enrichment Results | Lists all the associated observable enrichment results for an observable. |