Fetch Observables Data
Fetch the observables related records data.
始める前に
Role required: sn_sec_tisc.analyst
手順
- Navigate to Workspaces > Threat Intelligence Security Center.
- Click on Threat Intel Library icon on the workspace.
-
Go to Observables.
The related observables associated with that selected object are displayed.
-
Select any observable record.
If the given observables has any CVEs associated with it then you can fetch its vulnerable related data automatically using the button provided, and these associated records are displayed in the Business Context section of the Vulnerabilities.
-
Go to Internal Intelligence > Vulnerable entries.
The associated CVEs records for the observables are displayed.
-
Select any CVE and click on Fetch Vulnerability related data button.
注:
- An information message displays that This specific vulnerability object doesn't have any vulnerable entries associated with it. You must associate the object(s) with the vulnerable entries to fetch the data. For more information see, Fetch Vulnerability Data on how to link the records and perform the scheduled job to fetch the data. and for more information on Scheduled jobs, see Scheduled jobs.
- This button will trigger a background scheduled job, and the job initiation and execution details are displayed in the Activity Stream section. For example, when the job is triggered the activity stream displays an activity that Started fetching associated data with the vulnerable entries. The background scheduled job will continuously check for any observables that has any vulnerable entry associated with the observable and run automatically and this scheduled job will run every one hour. in case if the records are not fetched then you can manually link the records and fetch the data.