Analyze and assess threat IoCs

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Learn how to analyze IoCs that are a threat and notify the security incident team.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    Whenever a sighting search enrichment is requested:
    • if the observable is sighted (count > 0) and
    • Observable Reputation is Malicious and
    • Observable Threat score is > 80 and
    • Observable Confidence > 80

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the Analyze, assess the IoCs related to the threat and create incident action link to view the respective rule details in the flow designer.
    4. View the flow designer action for the following trigger:
      Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80)
    5. If Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80), then:
      1. Create a security incident and add the observable to the incident.
      2. Add Observables to Security Incident V1.
      3. Send an email communication.
        Analyze, assess the IoCs related to the threat and create incident.
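
The trigger condition in steps 4 and 5 can be checked offline to see why a given sighting did or did not open an incident. The following is an added example, not ServiceNow code or part of the flow itself; the record field names (sightingCount, reputation, threatScore, confidence) and the sample records are assumptions constructed for illustration.

```javascript
// Added example: field names are assumptions, not the product's table schema.
const THRESHOLD = 80; // the flow uses "greater than 80" for both scores

// Treat missing or empty values as "not a number" so they never pass a gate.
function num(v) {
  return v === null || v === undefined || v === '' ? NaN : Number(v);
}

// Returns { trigger, failed } where failed lists every condition not met.
function evaluateSighting(s) {
  const failed = [];
  if (!(num(s.sightingCount) > 0)) failed.push('sighting count > 0');
  if (s.reputation !== 'Malicious') failed.push('reputation is Malicious');
  if (!(num(s.threatScore) > THRESHOLD)) failed.push('threat score > 80');
  if (!(num(s.confidence) > THRESHOLD)) failed.push('confidence > 80');
  return { trigger: failed.length === 0, failed };
}

// Constructed sample sightings (documentation-range addresses, placeholder names).
const SAMPLES = [
  { observable: '198.51.100.7', sightingCount: 3, reputation: 'Malicious', threatScore: 95, confidence: 90 },
  // Boundary case: a threat score of exactly 80 is not "greater than 80".
  { observable: 'example.test', sightingCount: 1, reputation: 'Malicious', threatScore: 80, confidence: 99 },
  // Enriched but never sighted in the environment.
  { observable: '203.0.113.9', sightingCount: 0, reputation: 'Malicious', threatScore: 99, confidence: 99 },
  // Wrong reputation and a missing confidence value.
  { observable: 'sample-observable', sightingCount: 2, reputation: 'Suspicious', threatScore: 85, confidence: '' },
];

// Evaluate a batch and keep the observable next to its verdict.
function triage(records) {
  return records.map((r) => ({ observable: r.observable, ...evaluateSighting(r) }));
}

for (const r of triage(SAMPLES)) {
  const verdict = r.trigger ? 'create security incident' : 'no incident: ' + r.failed.join('; ');
  console.log(r.observable + ' -> ' + verdict);
}
```

All four conditions are joined with "and", so one unmet condition is enough to keep the flow from creating the security incident.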