Share Sightings Search results

You can share local sightings details or results that are associated with a particular search with your Trusted Security Circle.

Before you begin

Role required: sn_si.write

About this task

Sharing can be automated using the following Security Incident Response Properties.
  • Automatically share the results of a sightings search to the default ServiceNow trusted circle
  • Include observables with no local sightings when automatically sharing sightings search results
  • Respond with local sightings whenever a threat share is received from a trusted circle
For more information see, Properties installed with Security Incident Response.

Procedure

  1. Navigate to a security incident.
  2. Click the Show IoC related list and select the Sightings Search Results tab to view the list of sightings searches.
  3. Click a sightings search result.
    Share Sightings Search link
  4. On the Sightings Search Result form, click the Share sighting search result related link.
    The Sighting Search Result Share dialog box appears.
    Sightings Search Result Share dialog box
  5. Enter a Name for this observable share record.
  6. Enter a Description of the observables to share.
  7. Choose Circles to share the observables with.
  8. Click Submit.
    The observables are shared with the specified Trusted Circle.