View Sightings Search Data

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 2분

    • Review the aggregate data of all sighting searches.

    시작하기 전에

    Role required: sn_si.analyst

    프로시저

    1. Navigate to a security incident.
    2. Select the Sightings Search Data tab from Show All Related Lists Related List group to view the list of sightings searches.
      주:
      This data can be shared with Trusted Security Circle.
      표 1. Sightings Search Data
      Result Description
      End date range Time to stop looking for sightings.
      External Sightings Aggregated count of external sightings. (Received from threat sharing.)
      Internal Sightings Aggregated count of internal sightings.
      Is Local Indicates whether the sightings came from the current or a shared environment.
      Observable List of all observables searched for by query.
      Sighting count Number of sightings searched for.
      Sighting search Sightings Search identifier.
      Sighting search detail Aggregate detail of the sighting search.
      Sighting search link Link pointing to the Sighting search portal. The search query is automatically applied upon clicking the Sighting search link.
      Sighting search query Query to identify the instance.

      172.10.0.171 is substitutable and gets substituted in the observable selected.

      (search 172.10.0.171 | head 10)

      주:
      Selection of days will not be applicable to Saved search.