Analyze and assess threat IoC’s

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Learn how to analyze an IOC’s which are a threat and notifying the security incident team.

    Avant de commencer

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    Pourquoi et quand exécuter cette tâche

    Whenever a sighting search enrichment is requested:
    • if the observable is sighted (count > 0) and
    • Observable Reputation is Malicious and
    • Observable Threat score is > 80 and
    • Observable Confidence > 80

    Procédure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select Analyze, assess the IoCs related to the threat and create incident action link to view the respective rule details in the flow designer.
    4. View the flow designer action for the following trigger: 
      Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80)
    5. If Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80), then:
      1. Create an security incident and add the observable to the incident.
      2. Add Observables to Security Incident V1.
      3. Send an email communication.
        Analyze, assess the IoC’s related to the threat and create incident.