Analyze and assess threat IoCs

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Learn how to analyze IoCs that are a threat and notify the security incident team.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    Whenever a sighting search enrichment is requested:
    • if the observable is sighted (count > 0) and
    • Observable Reputation is Malicious and
    • Observable Threat score is > 80 and
    • Observable Confidence > 80

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the "Analyze, assess the IoCs related to the threat and create incident" action link to view the respective rule details in the flow designer.
    4. View the flow designer action for the following trigger:
      Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80)
    5. If Sighting Created where (Sighting count greater than 0, and Observable. Reputation is Malicious, and Observable. Threat Score greater than 80, and Observable. Confidence greater than 80), then:
      1. Create a security incident and add the observable to the incident.
      2. Add Observables to Security Incident V1.
      3. Send an email communication.
        Analyze, assess the IoCs related to the threat and create incident.