Define supported lookup types

When a lookup source supports a certain type of lookup (such as URL, IP, file, or file hash value), you must add that lookup type to the lookup record.

Before you begin

Role required: sn_ti.admin

About this task

In addition to pairing a lookup source with a supported lookup type, the lookup type provides the instantiation scripts that perform the lookup for the given type. These scripts are represented by two script fields, Integration factory script and Processor factory script, on the Supported lookup type screen. Lookup types for File, Hash, IP, and URL are provided.

Procedure

  1. Navigate to Threat Intelligence > IoC Lookup > Lookup Types.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Table 1. Lookup types

    | Field | Description |
    | --- | --- |
    | Lookup type name | Provide a name for the lookup type. |
    | Default lookup source | Select a default lookup source from the list of supported lookup sources. When a user submits a lookup request from the security incident catalog and specifies this lookup type, the default lookup source for that type is used. |
    | Lookup type description | Enter a description of the lookup type. |
  4. Click Submit.