You can search for observables using the Sighting Search feature to determine how
often they occur. Each occurrence is considered a sighting. You can limit the
search to the number of sightings within a selected number of days or within a date
range.
Before you begin
The Threat Intelligence plugin must be activated to use Security Case Management.
Role required: sn_ti.case_user_write
Procedure
1. Navigate to All > Threat Intelligence > Case Management > All Cases.
2. Open the case that contains observables for which you want to run a sightings search.
3. Click the Case Artifacts related link.
4. Click the Observables tab.
5. Select one or more observables for which you want to search for sightings.
6. From the Actions on selected items drop-down list, select Run sightings search.
   The Run Sighting Search dialog box appears.
7. Either enter the number of days or hours you want to search for sightings of the selected observables, or select a date range.