TISC Enrichment Integrations

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:8分

    • The Threat Intelligence Security Center base system does not include any pre-configured integrations. This section provides instructions for configuring both ServiceNow and third-party integrations.

    重要:

    Make sure that you’ve installed the required third-party app integrations. You can see the observables, sighting search, and threat lookup details only for the third-party apps that are installed.

    All Integration Configurations

    All the integrations are separate applications that needs to be installed. TISC supports integrations with third party vendors. Any installed integrations can be configured here.

    This section displays cards for each of the configured integration implementations that you can activate and use.

    Each enrichment type’s section would be visible only if at least one of the corresponding integration for that enrichment type is installed. For example, the Threat Lookup section would be visible under Enrichment Integrations only if at least one Threat Lookup integration is installed.

    The configured integration cards can be viewed by navigating to Workspaces > Threat Intelligence Security Center > Integrations > Enrichment Integrations > All Integrations.

    Threat Intelligence integrations

    Actions on the All Integrations view

    The All Integration view enables you to perform the following actions.
    表 : 1. Actions on All Integrations view
    Action Description
    All Use this dropdown menu to filter integrations based on their current state. You can filter based on the following states:
    • All: Displays all the integrations on the page. This is the default option.
    • Enabled: Displays all the integrations that are in an enabled state.
    • Disabled: Displays all the integrations that are in a disabled state.
    • Draft: Displays all the integrations that are in a draft state.
    Card view Use this action to view all the integrations in the form of cards.
    List view Use this action to view all the integrations in the form of lists.
    Refresh Use this action to refresh the All Integrations page.
    Sort Use this action to sort all the integrations based on the following:
    • Last Modified (recent)
    • Last Modified (oldest)
    • Name (A-Z)
    • Name (Z-A)
    Search in catalog Use this action to search for configured integrations based on name and description within the catalog.

    Configure new enrichment from All Integrations view

    You can configure new enrichments from the All Integrations view or directly from the Observable Enrichment, Sighting Search, or Threat Lookup sections respectively. To configure the new enrichment from all the All Integrations view, perform the following steps.
    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click the Integrations icon, and select the All Integrations section.

      Configure new enrichment from All Integrations view

    3. Click the Configure new enrichment action.

      The Configure new enrichment pop-up appears with three enrichment types, which are Observable Enrichment, Sighting Search, or Threat Lookup. You need to choose which type of enrichment you want to configure.

      Configure the enrichment type

    4. Select an enrichment type, and click Next.

      This takes you to the pop-up that displays the available integrations. You need to choose the integration you want to configure.

    5. Select an integration from the list of available integrations, and click Select.

      This takes you to the Create New Enrichment Integration page of the selected integration. This page is pre-filled with details of the selected integration by default. For example, WHOIS integration.

    6. On the Create New Integration form, fill the fields.
      表 : 2. Configure the new enrichment integration form
      Field Description
      Name Enter a name for the new enrichment integration. For example, WHOIS1.
      Vendor Name Name of the vendor. The details of the selected vendor are pre-filled by default. For example, WHOIS.
      Integration Type Type of integration that you selected. For example, Observable Enrichment. The details of the selected integration type are pre-filled by default.
      The following Integration Types are supported:
      • Observable Enrichment
      • Sighting Search
      • Threat Lookup
      Description Enter a unique description for the new enrichment integration.
    7. In the Integration Configuration section, configure the integration details based on your requirements.

      The Integration Configuration section includes configuration details like API key, API Client ID or secret, username, password, and so on, which you need to fill in. These configuration details vary for different integrations.

    8. Click the Save action to store and create the enrichment integration configuration.

      The provided details are validated, and by default the enrichment integration's status is disabled.

    9. (Optional) Click the Save as Draft action to only store the integration configurations as draft. Users cannot enable an integration when it is saved in draft

      If you're not sure about the configuration details, you can use the Save as Draft option. After you get the configuration details, you can fill the remaining information in the draft version and create it.

    10. To enable the enrichment integration, click Enable.

      The enrichment integration is enabled successfully.

    11. You can also enable, disable, or delete a particular enrichment integration by using the Actions menu of the required integration tile on the Catalog page or the Enrichment Integrations page.