TISC Library Objects form view

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of TISC Library Objects form view

    The Threat Intelligence Security Center (TISC) Library Objects form view provides a comprehensive interface for managing Security Domain Objects (SDOs) within ServiceNow. It enables threat analysts to view, edit, enrich, and correlate threat intelligence data efficiently. The form view consolidates multiple functionalities for ease of navigation and actionable intelligence management.

    Show full answer Show less

    Key Features

    • Details tab: View or edit individual SDOs in a detailed form layout.
    • Source Records tab: Displays source records that aggregate into the form view object, created either automatically from threat feeds or manually.
    • Related Records tab: Lists all records linked to the SDO, facilitating relationship tracking.
    • Relationship Graph tab: Visualizes connections between related threat objects, aiding in analysis.
    • Internal Intelligence tab: Shows internal intelligence data linked to the objects.
    • Enrichment Results tab: Displays results from enrichment integrations applied to the object.
    • Form banner: Read-only summary section with key fields such as Type, Confidence, Threat Score, Sightings count, Status, and Expiration Time.
    • Form banner UI actions: Allows quick security control actions—adding observables to allow, deny, or watch lists; applicable only to observables.
    • Form UI actions: Provides essential actions including adding objects to cases, running observable enrichment, saving, and deleting records.
    • Right Contextual menu: Offers quick access to attachments, notes (insights), and other relevant task controls, enhancing analyst workflow. Attachments pane is shown by default but can be toggled via workspace preferences.
    • Search capabilities: Two search functions enable locating objects within the TI library and source records across multiple sources with flexible keyword matching and refinement options. Search results open in new tabs for detailed review.

    Practical Benefits for ServiceNow Customers

    • Streamlines threat intelligence investigation by consolidating detailed data and related records in one form.
    • Enhances situational awareness through visual relationship graphs and enrichment results, enabling quicker decision-making.
    • Improves operational efficiency with contextual menus and UI actions tailored for common analyst tasks like case management and enrichment.
    • Facilitates effective threat response by allowing rapid classification of observables into allow, deny, or watch lists directly from the form.
    • Enables comprehensive searching and filtering of threat intelligence data, helping analysts find relevant information faster and maintain up-to-date threat contexts.

    Overall, the TISC Library Objects form view empowers ServiceNow customers to manage and analyze threat intelligence with better clarity, control, and integration into their security operations.

    The Threat Intelligence Security Center objects home page consists of the following features.

    Use or navigate to these following sections and learn more about each SDOs in detail.

    TISC Objects home page view
    Table 1. TISC library objects form view
    Order Menu/Tab Description
    1 Details tab Use this section to view or edit the SDOs in the form view.
    2 Source Records tab Source records contribute to an aggregated record as displayed in the form view. These source records are auto created from feeds or manually created by the user.
    3 Related Records tab Lists all the related records associated with the SDO.
    4 Relationship Graph tab Visual representation of the related objects.
    5 Internal Intelligence tab Lists the internal intelligence records of the associated objects.
    6 Enrichment Results tab Lists the enrichment integrations associated with the objects.
    7 Form banner This is read-only section, which contains the key fields such as Type, Confidence, Threat score, Number of Sightings, Status and Expiration time.
    8 Form banner UI actions These are the security control lists that are available for you to click if they are needed to be added to the allow list, removed from the allow list (Deny list), or add it to the watch list based on the observables. Click to:
    • add to watch list
    • add to deny list
    • add to allow list
    Note:
    The Form actions are applicable only to Observables.
    9 Form UI actions The available form UI actions are:
    1. Add to Case: Add the objects to the case.
    2. Run Observable Enrichment: Run the enrichments to the selected objects.
    3. Save: Save the record.
    4. Delete: Delete the record.
    10 Right Contextual menu Provides easy access to the quick controls such as attachments, notes, and so on, based on the tasks associated with that object. This option is available across the remaining two tabs for the threat analyst to access whenever required.
    The contextual menu provides easy navigation to:
    1. Attachments: Attach any file that are related to the objects.
      Note:
      Whenever you either create a new observable, indicators, or any objects or view the existing objects, the Attachments pane is by default displayed on the respective form view. You can either click the Attachments icon on the right-contextual menu or go to Preferences > Workspaces and disable the Show the sidebar. For more information, see Configure Next Experience Workspace preferences.
    2. Insights: Add any additional information related to the observables or indicators which are associated with that object.
    NA Search in Navigator Use this search function to search for various objects within the Threat Intel (TI) library. For example, you can search for all observables records within the TI library module.
    NA Search in Threat Intel Library Use this search function to search for the source records across multiple sources based on your search criteria. The results will be displayed in a separate Search Results tab. For example, for an IP address 104.227.137.35, if you need to search the records, by entering 104.* then searching will narrowed down the records and displays the records that contains the IP address starting with 104 in the separate Search Results tab.
    • You can also modify the existing search keywords in the Search Criteria on the same Search Results page without going back to the Threat Library page.
    • Similarly, you can also search based on the name and description of any particular record.
    • Once the records are filtered and listed, you can click on the list view which will take you to the respective record in a new tab.