Define sightings that denote that an indicator was seen.

시작하기 전에

Role required: sn_ti.admin

프로시저

1. Navigate to All > Threat Intelligence > IoC Repository > Indicator Sightings.
2. Click New.
3. Complete the fields in the form as appropriate.

   Field	Description
   Indicator	Identifies the indicator. Search and select the indicator.
   Count	The number of times the object was seen.
   First Seen	The time that this object first seen performing malicious activities.
   Last Seen	The time that this object was last seen performing malicious activities.
   Source	Specifies the threat source from which this record is created.
   Description	A description that provides more details and context about the indicator sighting, potentially including its purpose and its key characteristics.
   Source ID	Unique identifier for this object in the threat source.
   Is Summary
   Created Time in Source	Specifies the time the object is created in the source.
   Modified Time in Source	Specifies the time the object is modified in the source.

4. Click Submit.

다음에 수행할 작업

Click any of the following related lists to view additional information about objects associated with the indicator sighting.

Related Lists	Description
External References	Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers.
Identities	List of identities associated with this object.
Observed Data	Lists observed data associated with this object.