Run Observable Enrichment

  • Release version: Xanadu
  • Updated August 1, 2024

  Select one or more implementations as applicable to run threat lookup on observables.

    Before you begin

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Threat Analyst Workbench icon.
    3. Go to Observables > All Observables.
    4. Open any observable record.
    5. Click Run Observable Enrichment.
      The Run Observable Enrichment Select Implementations modal screen is displayed.
      Note:
      Only supported records will be submitted against the selected implementation(s).
    6. Select the required implementation(s) (for example, WHOIS) from the list.
    7. Click Submit.
      The selected enrichment action is executed, and an information message is displayed stating that Threat lookup execution has started.
      Note:
      • Once the execution is initiated or completed, a work note is posted on the activity stream of the form view.
      • The enrichment results pushed from the SIR workspace can be found in the Enrichment Results tab of the corresponding Observables details page in the TISC Workspace.
      • The enrichment results pushed from the SIR workspace can be identified using the Source field of the enrichment result table.