Run a sightings search on observables in a case

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 1 minute

    You can search for observables using the Sighting Search feature to determine how often they occur. Each occurrence is considered a sighting. You can limit the search to sightings within a selected number of days or within a date range.

    Before you begin

    The Threat Intelligence plugin must be activated to use Security Case Management.

    Role required: sn_ti.case_user_write

    Procedure

    1. Navigate to All > Threat Intelligence > Case Management > All Cases.
    2. Open the case that contains observables for which you want to run a sightings search.
    3. Click the Case Artifacts related link.
    4. Click the Observables tab.
    5. Select one or more observables for which you want to search for sightings.
    6. From the Actions on selected items drop-down list, select Run sightings search.
      The Run Sighting Search dialog box appears.
    7. Enter the number of days or hours for which you want to search for sightings of the selected observables, or select a date range.
    8. Click Search.