Share Sightings Search results

  • Release version: Australia
  • Updated June 16, 2026
  • 1 minute to read

    • You can share local sightings details or results that are associated with a particular search with your Trusted Security Circle.

    Before you begin

    Role required: sn_si.analyst

    About this task

    Sharing can be automated using the following Security Incident Response Properties.
    • Automatically share the results of a sightings search to the default ServiceNow trusted circle
    • Include observables with no local sightings when automatically sharing sightings search results
    • Respond with local sightings whenever a threat share is received from a trusted circle

    Procedure

    1. Navigate to a security incident.
    2. Select the Show IoC related list and select the Sightings Search Results tab to view the list of sightings searches.
    3. Select a sightings search result.
    4. On the Sightings Search Resultform, Select the Share sighting search result related link.
      The Sighting Search Result Share dialog box appears.
    5. Enter a Name for this observable share record.
    6. Enter a Descriptionof the observables to share.
    7. Choose Circles to share the observables with.
    8. Select Submit.
      The observable(s) are shared with the specified Trusted Circle.