You can manually attach observables to a security incident. You manually attach
observables when you want to perform threat lookups on observables that are not attached to
a security incident on the initial event trigger. Also, you might perform this task when you
want more information about a related observable.
Before you begin
Role required: sn_si.analyst
Procedure
- Navigate to your open security incident.
- On the open security incident record, click the Show IoC link in Related Links to display the Observables tab.
- Click New.
  The Observable form is displayed.
- In the Value field, enter a URL.
- Click the search icon and from the Observable Type Categories dialog box, click URL in the list to populate the field.
- Click Submit.
  The flow launches and checks for the new observable. The execution and completion status is displayed in the work notes section on the Security Incident record.
- Navigate to your security incident and review the work notes.
- Click the Show All Related Lists related link at the bottom of the security incident.
- Click the Threat Lookup Results tab to view the results.
- In the Observable column, click the blue information icon next to a given observable for more information and raw data.
- In the dialog box that is displayed, click Open Record.
  Review the work notes for more information and how to proceed if you cannot verify that the lookup ran successfully.