Analyze, assess, and disseminate observables

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute
  • Learn how to analyze and disseminate observables that are related to a threat.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    This automated flow handles the case where a sighting search enrichment is requested for an observable and the enrichment returns no sightings.

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the Analyze, assess and disseminate on the IoCs related to threat action link to view the details of that rule in Flow Designer.
    4. View the Flow Designer action for the following trigger:
      Sighting Created where (Sighting count is 0)
    5. If the observable has a threat score greater than 80, a confidence greater than 80, and a malicious reputation:
      1. Add the observable to deny list.
      2. End the flow for this observable.
    6. Else, if the observable reputation is suspicious and the threat score is in the range of 60-80:
      1. Add a tag called Potential New Threat.
      2. Add the observable to watch list.
      3. Create a case task with CTI team to track this observable and analyze further.
      4. Link observable to the case for investigation.
    Figure: Analyze, assess, and disseminate on the IoCs related to threat.
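The two branches above, modelled as plain JavaScript so the thresholds can be checked against sample observables. This is an added example, not ServiceNow code or the flow itself (which runs as Flow Designer actions); the inclusive 60-80 band, the `sightingCount` and `reputation` field names, and the sample values are assumptions.

```javascript
// Added example: models the triage branches of the "Analyze, assess and
// disseminate on the IoCs related to threat" flow as plain JavaScript.
// Not ServiceNow code; the real flow runs as Flow Designer actions.
// Assumptions (not stated on the page): the 60-80 band is inclusive, and an
// observable matching neither branch is left untouched.

const TAG_POTENTIAL_NEW_THREAT = 'Potential New Threat';

// Trigger: Sighting Created where sighting count is 0.
function sightingTriggerFires(sighting) {
  return sighting.sightingCount === 0;
}

// Returns the ordered list of actions the flow would take for one observable.
function triageObservable(obs) {
  const actions = [];
  const isMalicious =
    obs.threatScore > 80 && obs.confidence > 80 && obs.reputation === 'malicious';
  const isSuspicious =
    obs.reputation === 'suspicious' && obs.threatScore >= 60 && obs.threatScore <= 80;
  if (isMalicious) {
    actions.push({ action: 'add_to_deny_list', value: obs.value });
    return actions; // the flow ends here for this observable
  }
  if (isSuspicious) {
    actions.push({ action: 'add_tag', value: obs.value, tag: TAG_POTENTIAL_NEW_THREAT });
    actions.push({ action: 'add_to_watch_list', value: obs.value });
    actions.push({ action: 'create_case_task', value: obs.value, team: 'CTI' });
    actions.push({ action: 'link_observable_to_case', value: obs.value });
  }
  return actions;
}

// Runs the flow for one sighting: evaluate only when the trigger condition holds.
function runFlow(sighting) {
  if (!sightingTriggerFires(sighting)) return [];
  return triageObservable(sighting.observable);
}

// Constructed sample sightings using documentation-reserved addresses; not real indicators.
const SAMPLE_SIGHTINGS = [
  { sightingCount: 0, observable: { value: '198.51.100.7', threatScore: 92, confidence: 85, reputation: 'malicious' } },
  { sightingCount: 0, observable: { value: 'example.invalid', threatScore: 70, confidence: 50, reputation: 'suspicious' } },
  // Score is exactly 80: not > 80, and reputation is not suspicious, so no branch matches.
  { sightingCount: 0, observable: { value: '203.0.113.9', threatScore: 80, confidence: 95, reputation: 'malicious' } },
  // Sightings exist, so the trigger does not fire at all.
  { sightingCount: 3, observable: { value: '192.0.2.1', threatScore: 99, confidence: 99, reputation: 'malicious' } },
];
```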