The available implementations are listed. Select one or more implementations. After you
select them, only the supported records are submitted against each selected
implementation.
Procedure
Navigate to Workspaces > Security Incident Response Workspace.
Open any security incident.
Go to the Investigation tab of the workspace.
The Investigation tab with the entry point lists is displayed.
Select the associated observable from the entry point lists.
For example, select Associated Observables related list. The corresponding observables records are displayed.
Note:
You can select an implementation to perform a lookup on the selected observables, or you can perform the lookup by selecting all
implementations.
Figure 1. Run Threat Lookup
Select the check box of each observable on which you want to perform the threat
lookup.
Navigate to the related list actions drop-down that is displayed at the top of the
related lists page.
Select Run Threat Lookup to perform the threat intel related
integration capability action.
Note:
The Run Threat Lookups capability performs threat intelligence lookups to determine whether one or more observables are associated with any known security threats.
The Run Threat Lookup Implementations modal screen is displayed.
Figure 2. Run Threat Lookup Implementations
Select one or more implementations from the list.
Click Submit.
After the selected records are submitted, a message is displayed that the lookup is being executed. Once the implementation is processed in the backend, the results are displayed in the Threat Lookup Results related list section.
The respective implementation activity is also displayed in the Activity section. Two activities are displayed: one when the implementation execution is started and a second when the execution is completed.
Note:
The threat intel related lists, such as the associated observables related lists, are displayed in the Threat Lookup Results section, and the Sightings Search related lists are displayed in the Sightings Search Results section under the Related Records.