Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Configure the sightings threshold

Log in to subscribe to topics and get notified when content changes.

Configure the sightings threshold

Sightings thresholds are used to determine whether a set of observables from a threat intelligence source merit being shared with a Trusted Security Circles. Only sightings whose counts exceed the specified threshold value are used to create automatic security incidents for the indicated circle.

Before you begin

Role required: sn_tis.admin


  1. Navigate to Trusted Security Circles > Sightings Thresholds.
    The Sightings Thresholds list opens.
  2. Click New.
    The Sightings Threshold form opens.
    Adding a new sighting threshold record
  3. Fill in the fields as appropriate.
    Field Description
    Sightings Search Source Select the threat intelligence source to be analyzed.
    Circle Select the Trusted Security Circles with which you want to share the threat sightings.
    Threshold Enter the maximum number of sightings of a suspicious observable that are tolerated in your environment. Only observables with a sighting count greater than this value are used to create automatic security incidents for the specified circle.
  4. Click Submit.