Define Data Component

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:7分

    • Define a data component to identify the properties or values of a data source

    始める前に

    Role required: sn_sec_tisc.analyst

    手順

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click on Threat Intel Library icon on the workspace.
    3. Go to Data Component object.
    4. Click New.
      注:
      Whenever you create new object records for observables, indicators, entities or objects a source record is created and a prompt message is displayed that the new object record is created and then the user is redirected to the aggregated record.
    5. On the form, fill in the fields.
      表 : 1. Data Component Details view
      Field Description
      ID Unique ID to identify a Data Component.
      Name A name used to identify the Data Component.
      Description A description that provides more details and context about the vulnerability, potentially including its purpose and its key characteristics.
      Data Source Indicates the normalized degree of severity of this vulnerability
      TLP TLP is used to ensure that sensitive information is shared with the appropriate audience. It employs four colors (White, Green, Amber, and Red) to indicate different degrees of sensitivity.
      Source Specifies the threat source from which this object record is created.
      Confidence Indicates the confidence for this object. The confidence must be between 0-100.
      Revoked Indicates that the revoked objects are no longer considered valid by the object creator.
      表 : 2. Insights
      Field Description
      Notes Add any additional notes for this Data Component.
      表 : 3. Additional Information
      Field Description
      Additional Context Add any additional context for this Data Component.
      Spec Version The version of the STIX specification used to represent this object.

      The value of this property must be 2.1 for STIX Objects defined according to this specification.
      Lang This property identifies the language of the text content in this object.
      Created Time In Source Specifies the time the object is created in the source.
      Extensions Indicates the extensions of Data Component.
      Modified Time in Source Specifies the time the object is modified in the source.
      Processing Status Represents the processing status of this object, course of action.
      Created Specifies the date and time when the object is created in the source.
      Updated Specifies the date and time when the object was updated in the source.
      Created By Ref This property specifies that the identity object that describes the entity had created this object.
    6. Click Save.
      After you save, a prompt message is displayed indicating that A new observable record is created. Click Continue to edit the record and create new relationships.
    7. Click Continue.
      重要:
      After you create a new observable record, Prevent System Updates check box is displayed.

      Select this check box to prevent any updates from the system after the observable or indicator or STIX objects records are created.

      表 : 4. Tags&Taxonomies
      Field Description
      Tags
      Select Tags Select the tags that are associated with the vulnerability.
      Add Tags Add new tags.
      Taxonomies
      Select Taxonomy Select a Taxonomy that is associated with this vulnerability.
      Add Taxonomy Values Add Taxonomy values that are associated with this vulnerability.

    次のタスク

    Click any of the following related lists to view additional information about objects associated with the Data Component.
    表 : 5. Related Records
    Field Description
    Attack Patterns Lists the attack patterns associated with this object.
    注:
    1. You can link and unlink the related records associated with this object. For more information, see Link Threat Intel Related Records.
    2. The various SDOs within the TI library also contains the potential relationships. To establish a relationships between any two objects, you use the Potential Relationships link from the Threat Intel Library to confirm the relationships between the objects. For more information, see Confirm object-object potential relationships.
    3. Also, use the Related Records section from the objects form view to confirm the relationships between two Objects using the Potential Relationships section available on the form view. For more information on see, Confirm Potential Relationships from Related Records.
    4. You can add objects to cases. For more information, see Add to Case.