Define observed data

  • Release version: Australia
  • Updated March 12, 2026
  • Define observed data that conveys information about cyber security-related entities such as files, systems, and networks using the STIX Cyber-observable Objects (SCOs).

    Before you begin

    Role required: sn_ti.admin

    Procedure

    1. Navigate to All > Threat Intelligence > IoC Repository > Observed Data.
    2. Click New.
    3. Complete the fields in the form as appropriate.
      | Field | Description |
      |---|---|
      | First Observed | The initial time when the data was seen. |
      | Last Observed | The last time when the data was seen. |
      | Observed Count | The number of times that each Cyber-observable object was seen. The value must be an integer from 1 through 999,999,999. |
      | Source | Specifies the threat source from which this record is created. |
      | Source ID | Unique identifier for this object in the threat source. |
      | Created Time in Source | Specifies the time the object is created in the source. |
      | Modified Time in Source | Specifies the time the object is modified in the source. |
    4. Click Submit.
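
As an added example (not ServiceNow code), the following Python check validates a STIX 2.1 observed-data object from a feed before its values are entered in the form, including the Observed Count range stated above. The property names come from the STIX 2.1 specification; the mapping of form fields to those properties (First Observed to `first_observed`, Observed Count to `number_observed`, Source ID to `id`, and so on) is an assumption, and the sample record is constructed.

```python
import re
from datetime import datetime

# Constructed sample: a STIX 2.1 observed-data object as it might arrive from a feed.
SAMPLE = {
    "type": "observed-data", "spec_version": "2.1",
    "id": "observed-data--11111111-1111-4111-8111-111111111111",
    "created": "2026-03-01T10:00:00.000Z", "modified": "2026-03-01T10:00:00.000Z",
    "first_observed": "2026-02-27T21:37:11.213Z",
    "last_observed": "2026-02-28T08:02:45Z",
    "number_observed": 50,
    "object_refs": ["ipv4-addr--22222222-2222-4222-8222-222222222222"],
}

ID_RE = re.compile(r"^([a-z0-9-]+)--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def parse_ts(value):
    """Parse a STIX timestamp (UTC, 'Z' suffix); return None if malformed."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt)
        except (TypeError, ValueError):
            continue
    return None

def validate_observed_data(obj):
    """Return a list of problems; an empty list means the record passed every check."""
    errors = []
    if obj.get("type") != "observed-data":
        errors.append("type must be 'observed-data'")
    m = ID_RE.match(str(obj.get("id", "")))
    if not m or m.group(1) != "observed-data":
        errors.append("id must be observed-data--<UUID>")
    times = {k: parse_ts(obj.get(k)) for k in ("first_observed", "last_observed", "created", "modified")}
    errors += [f"{k} is missing or not a UTC timestamp" for k, v in times.items() if v is None]
    if times["first_observed"] and times["last_observed"] and times["last_observed"] < times["first_observed"]:
        errors.append("last_observed is earlier than first_observed")
    if times["created"] and times["modified"] and times["modified"] < times["created"]:
        errors.append("modified is earlier than created")
    n = obj.get("number_observed")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(n, int) or isinstance(n, bool) or not 1 <= n <= 999_999_999:
        errors.append("number_observed must be an integer from 1 through 999,999,999")
    refs = obj.get("object_refs")
    # Only the object_refs form is accepted here; the deprecated embedded `objects` form is rejected.
    if not isinstance(refs, list) or not refs or not all(ID_RE.match(str(r)) for r in refs):
        errors.append("object_refs must list at least one SCO identifier")
    return errors
```
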

    What to do next

    Click any of the following related links or related lists to view additional information about objects associated with the observed data.
    | Related Links and Related Lists | Description |
    |---|---|
    | Show Relationships | Opens the STIX Visualizer where you can view the relationship of the STIX object. Show Relationships appears only when the object has an associated object. |
    | External References | Lists external references which refer to non-STIX information. This property is used to provide one or more external object identifiers. |
    | Associated Observables | Lists observables associated with this object. |
    | Indicators | Lists related Indicators of Compromise (IoC) that have been identified by the threat source associated with this object. |
    | Infrastructure | Lists systems, software services, and any associated physical or virtual resources that are associated with this object. |