Edit a security incident observable list

You can edit which observables in the list associated with a security incident to display.

Before you begin

Role required: sn_si.basic


  1. Navigate to Security Incident.
  2. Choose an incident.
  3. Click Security Incident Observables related list tab.
  4. Click Edit.
  5. Add or remove observables from the list. Create a filter for long lists.
    Edit observables list example
  6. Click Save.
    Note: When you add an observable to the security incident, the system checks for any other configuration items or users associated with it. The Related Configuration Items and Related Users related list tabs are updated accordingly. Also, if the Threat Intelligence plugin is activated, and you have at least one integration implementation activated, the Security Operations Integration - Threat Lookup capability executes one or more workflows, and threat security lookups are performed on the observables you added. The results appear in the Threat Lookup Results tab.