Observables Observables represent stateful properties (such as the MD5 hash of a file or the value of a registry key) or measurable events (such as the creation of a registry key or the deletion of a file) that are pertinent to the operation of computers and networks. Sets of cyber observables are useful for identifying indicators of compromise when they are combined with contextual information that represents the behaviors of cyber threats. Define an observableObservables are retrieved from the vendor server as STIX data; however, you can create new observables, as needed.Add a related IoC to an observableIn addition to importing observables as STIX data, you can add related observables to an IoC manually.Add associated tasks to an observableIn addition to importing associated tasks (such as changes and incidents) as STIX data, you can add them to an observable manually.Add a related observableIn addition to importing observables as STIX data, you can add related observables manually.Load additional IoC dataDepending on settings in two properties and a script include definition, you can load geolocation information for IP addresses and websites in the Observables form. With further customization, you can also add other information, such as country codes, city names, etc.Identify observable sourcesIf an observable has no sources defined, it will use all types of sources. However, if you add one or more threat sources to an observable, it will limit the sources used.