Show IoC information for a security incident

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:2分

    • You can view IoC information, such as observables and sightings search results associated with a security incident.

    始める前に

    Role required: sn_si.basic

    手順

    1. If it is not already open, open the security incident for which you want to view IoC-related information.
    2. Click the Show IoC related link.
    3. Click any of the related lists to view or add information for the security incident.
      Tab Description
      Observables View or manually add or edit observables associated with the security incident. For more information, see Manage observables.
      Associated Indicators If Threat Intelligence is activated, you can view any other indicators associated with any of the same threat records.
      Sightings Search Results Contains Sightings Search results.
      Sightings Search Details Contains Sightings Search record details.
      Threat Lookups Stores enrichment data from malware detection systems. This tab only appears when the Threat Intelligence plugin is installed.
      Associated Attack Modes/Methods If Threat Intelligence is activated, you can view any other attack types associated with any of the same threat records.
      Security Scan Requests If Threat Intelligence is activated, you can view scan and lookup requests attached to the security incident.
      Resources with Similar IoC If Threat Intelligence is activated, you can view any other resources with similar indicators.
      Users with Similar IoC If Threat Intelligence is activated, you can view any other users with similar indicators.
    4. Click any of the following related links to further update the security incident:
    5. When you have completed your entries, click Submit.