Add multiple security incident observables

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • To save time, you can add multiple security incident observables to the security incident observables list.

    Before you begin

    Role required: sn_ti_write
    Note:
    When adding multiple security incident observables, duplicates are ignored during processing.

    Procedure

    1. Navigate to Security Incident.
    2. Choose an incident.
    3. Click the Add Multiple Observables related link.
    4. Enter or paste multiple observables.
      Entries can be of any Observable Type. Accepted formats are: comma, new line, tab, or pipe separators.
      Add multiple observables comma delimited list example
      Note:
      When you add an observable to the security incident, the system checks for any other configuration items or users associated with it. The Related Configuration Items and Related Users related list tabs are updated accordingly.
      Note: Observable values not auto-detected are assigned to type Unknown.
    5. Click Submit..