View Enrichment Results

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Use this section to view the observables enrichment results such as Threat Lookup Results, Sightings, and Observable Enrichment Results from TISC in SIR workspace.

    Before you begin

    Role required: sn_si.analyst

    Procedure

    1. Navigate to Workspaces > Security Incident Response Workspace > Security Incidents > All.
    2. Locate and open any specific security incident that you are investigating.
      This can also be done by searching for the incident ID or browsing from Quick Filters section or filtering through incident state.
    3. Once the incident is open, navigate to TISC Context tab.
      Viewing Enrichment Results:

      Within the incident details, you can view related information in several sections.

      1. Select one or more observables.
      2. Click on View Enrichment Results button.
        This section displays the details that are related to the selected observables.
        Name Description
        Threat Lookup Results Lists all the associated threat lookup results for selected TISC observables.
        Sightings Lists all the associated sightings for selected TISC observables.
        Observable Enrichment Results Lists all the associated observable enrichment results for selected TISC observables.
        TISC Context - View Enrichment Results.