Define object-observable relationships

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:1分

    • Define relationships between SDOs and the observable object (SCO).

    始める前に

    Role required: sn_sec_tisc.analyst

    手順

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click on Threat Intel Library icon on the workspace.
    3. Go to Relationships > Object-Observable.
    4. Click New.
    5. Complete the fields in the form as appropriate.
      FieldDescription
      Observable Select and define the observable.
      Object Select and define the object.
      Relationship Type A description that provides more details and context about the relationship type.

      Define the relationship direction whether it is direct or inverse.

      • Inverse - This is the type of relationship between the observable and object.
      • Direct - This is the type of relationship between the object and observable.
      Start Time Specifies the time when the relationship is created.
      Stop Time Specifies the time when the relationship is stopped or removed.
      Description A brief description about the object relationships.
    6. Click Submit.