Import data using raw text

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:5分

    • Import the observables data by copying and pasting raw text or entering the free text.

    始める前に

    Role required: sn_sec_tisc.analyst

    手順

    1. Navigate to Workspaces > Threat Intelligence Security Center.
      The Threat Intel Library page is displayed.
    2. Click Import Intelligence.
      重要:
      • Any defanging characters will be cleaned as part of parsing and extraction of observables.
      • For this pasted text option only URL, domain, file name, hashes, and IP address will be extracted and no other observable types will be extracted for the data import and in case of such type of observables such as registry, directory types, those will be skipped from importing.
    3. Click Import from raw text card.
      重要:
      While importing the threat intelligence data in the raw text format the characters are limited to 10,000. The raw text option can be used as a workaround to extract the observables from the PDF.
    4. On the form, fill in the fields.
      Field Description
      Raw data text box Enter or copy and paste the raw text here in this text box.
      注:
      You can only enter or paste the raw text to 10,000 characters.
      Set definitions
      TLP Select the TLP indicator from the drop-down list to be applied for the imported records.
      Confidence (0-100) Define the confidence value.
      Expiry Period (days) Enter the expiry period for the imported records.
      注:
      This is a mandatory field.
      Add Observable(s) to security Control List Select this option to add observables to the appropriate security control list.

      This option allows you to directly add the observables to a security control list while importing.

      The available options in the drop-down list are:
      • Allow list
      • Deny list
      • None
      The default option is None.
      Add Tags Use the tags to annotate or ear mark records ingested into the system from this source. Staart typing the tag name in the Search bar to choose the available tags in the system or enter new tag name and click Add to assign it to the source.
      Taxonomy
      Select a Taxonomy Select the taxonomy for the imported data. Using taxonomies, define dictionaries that can be used as taxonomies assigned to threat intel records. For example, CAPEC nomenclature. For more information, see Creating Taxonomies.
    5. Click Next.
    6. Review the data before submission for processing.

      After you click Next, you can see the summary of all the information that user has provided in the above section, and the below section provides you with all the records that needs to be imported.

      User can perform any type of activities and the multiple users can collaborate using the comment section which is available in the right contextual menu.

      注:
      Any records that fail the validations are skipped from the import process and those records are not displayed on the Review & submit page for further processing.
    7. Click Update Type and select the type to update any type of the imported records.
    8. Click Delete to delete any type of the imported records.
    9. Click Submit.
      注:
      After you submit the import record, the user will be directed to the approver to approve the corresponding import record based on the approval rules configured. If the current user who is creating the record doesn't require the approval process then the record goes through the auto approval process the import job gets auto approved while submitting request.
    10. Click View Status to view the status of the record or click Done.
      The record displays the processed status once it is processed.
    11. Click Cancel to abort the import process.
    12. Click Go Back to go back to the previous page and review the record, if necessary.