Analyze, assess, and disseminate observables

  • Release version: Australia
  • Updated: March 12, 2026
  • Time to complete: 1 minute
  • Learn how to analyze and disseminate observables that are related to a threat.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    Whenever a sighting search enrichment is requested, it returns with no sightings.

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the Analyze, assess and disseminate on the IoCs related to threat action link to view the rule details in the flow designer.
    4. View the flow designer action for the following trigger:
      Sighting Created where (Sighting count is 0)
    5. If the observable has a threat score greater than 80, confidence greater than 80, and a malicious reputation:
      1. Add the observable to deny list.
      2. End the flow for this observable.
    6. Else, if the observable reputation is suspicious and the threat score is in the range of 60-80:
      1. Add a tag called Potential New Threat.
      2. Add the observable to watch list.
      3. Create a case task with CTI team to track this observable and analyze further.
      4. Link observable to the case for investigation.
        Analyze, assess, and disseminate on the IoCs related to threat.
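
The branch conditions in steps 4 to 6 can be dry-run over sample data to see which observables match neither branch. The following is an added example in plain JavaScript, not ServiceNow or Flow Designer code. Assumptions: the field names, the action labels, the inclusive bounds on the 60-80 range, and the constructed sample observables.

```javascript
// Added illustration of the flow's branch logic; not ServiceNow code.
// Field names and action labels below are hypothetical.
function triageObservable(obs) {
  // Step 4 trigger: Sighting Created where (Sighting count is 0).
  if (obs.sightingCount !== 0) {
    return { branch: "not-triggered", actions: [] };
  }
  // Step 5: all three conditions must hold; both thresholds are strict (> 80).
  if (obs.threatScore > 80 && obs.confidence > 80 && obs.reputation === "malicious") {
    return { branch: "deny", actions: ["add-to-deny-list", "end-flow"] };
  }
  // Step 6: suspicious reputation and score in 60-80 (bounds assumed inclusive).
  if (obs.reputation === "suspicious" && obs.threatScore >= 60 && obs.threatScore <= 80) {
    return {
      branch: "watch",
      actions: ["tag:Potential New Threat", "add-to-watch-list",
                "create-cti-case-task", "link-observable-to-case"],
    };
  }
  // Neither branch matched: the steps as written define no action here.
  return { branch: "no-action", actions: [] };
}

// Constructed sample observables (documentation-reserved addresses and names).
const SAMPLES = [
  { value: "192.0.2.10",   sightingCount: 0, threatScore: 95, confidence: 90, reputation: "malicious" },
  { value: "bad.example",  sightingCount: 0, threatScore: 95, confidence: 60, reputation: "malicious" },
  { value: "198.51.100.7", sightingCount: 0, threatScore: 70, confidence: 50, reputation: "suspicious" },
  { value: "odd.example",  sightingCount: 0, threatScore: 80, confidence: 90, reputation: "suspicious" },
  { value: "203.0.113.5",  sightingCount: 0, threatScore: 90, confidence: 90, reputation: "suspicious" },
  { value: "edge.example", sightingCount: 0, threatScore: 80, confidence: 95, reputation: "malicious" },
  { value: "seen.example", sightingCount: 3, threatScore: 95, confidence: 95, reputation: "malicious" },
];

// Evaluate every sample and return one result row per observable.
function dryRun(samples) {
  return samples.map((s) => ({ value: s.value, ...triageObservable(s) }));
}

// Observables that triggered the flow but matched neither branch.
function unhandled(samples) {
  return dryRun(samples).filter((r) => r.branch === "no-action").map((r) => r.value);
}

console.log(dryRun(SAMPLES).map((r) => `${r.value}: ${r.branch}`).join("\n"));
console.log("No action defined for:", unhandled(SAMPLES).join(", "));
```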