Share Sightings Search results

  • Release version: Xanadu
  • Updated June 11, 2026
  • 1 minute to read

    • You can share local sightings details or results that are associated with a particular search with your Trusted Security Circle.

    Before you begin

    Role required: sn_si.analyst

    About this task

    Sharing can be automated using the following Security Incident Response Properties.
    • Automatically share the results of a sightings search to the default ServiceNow trusted circle
    • Include observables with no local sightings when automatically sharing sightings search results
    • Respond with local sightings whenever a threat share is received from a trusted circle

    Procedure

    1. Navigate to a security incident.
    2. Click the Show IoC related list and select the Sightings Search Results tab to view the list of sightings searches.
    3. Click on a sightings search result.
      Share Sightings Search link
    4. On the Sightings Search Resultform, click the Share sighting search result related link.
      The Sighting Search Result Share dialog box appears.
      Sightings Search Result Share dialog box
    5. Enter a Name for this observable share record.
    6. Enter a Descriptionof the observables to share.
    7. Choose Circles to share the observables with.
    8. Click Submit.
      The observable(s) are shared with the specified Trusted Circle.