
Create a security incident from shared observables

Automatically create Security Incidents from threat intelligence shared with you, if the sighting count after a sightings search exceeds your preset threshold.

Before you begin

Role required: sn_si.analyst


  1. Configure the sightings threshold.
  2. Define a threshold for each Sightings Search Source for which you want to automatically create security incidents when the defined threshold is exceeded.
    When the sighting count of any observable searched in your environment exceeds the threshold, a security incident is created and all the observables in the search are added to that security incident. If a security incident already exists with the same list of observables, the new incident is made a child incident.
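
The rule in step 2, modelled as an added example that is not ServiceNow code or part of the original documentation. The function names, field names and sample data are constructed, and two points the text leaves open are assumptions: the "same list of observables" is compared as a set, and the earliest matching incident is treated as the parent.

```javascript
// Model of the threshold rule described above. Not ServiceNow code: function
// names, field names and sample data are constructed for illustration.
// Assumption: "same list of observables" is compared as a set (order and
// duplicates ignored).
function observableKey(observables) {
  return [...new Set(observables.map((o) => o.value))].sort().join("\n");
}

// thresholds: { sourceName: number }, one entry per Sightings Search Source.
// search: { source, observables: [{ value, sightings }] }
// incidents: previously created incidents (a new one is appended on create).
function processSightingsSearch(search, thresholds, incidents) {
  const threshold = thresholds[search.source];
  // No threshold defined for this source: nothing is created automatically.
  if (threshold === undefined) return null;
  // "Exceeds" read literally: a count equal to the threshold does not trigger.
  const exceeded = search.observables.some((o) => o.sightings > threshold);
  if (!exceeded) return null;
  const key = observableKey(search.observables);
  // Assumption: the earliest incident with the same observables is the parent.
  const existing = incidents.find((i) => i.key === key && i.parent === null);
  const incident = {
    id: incidents.length + 1,
    key,
    // Every observable in the search is attached, not only the one over threshold.
    observables: search.observables.map((o) => o.value),
    parent: existing ? existing.id : null,
  };
  incidents.push(incident);
  return incident;
}

// Constructed sample data (documentation-range IP and reserved example domain).
function demo() {
  const thresholds = { "Source A": 5 };
  const incidents = [];
  const search = (counts) => ({
    source: "Source A",
    observables: [
      { value: "198.51.100.7", sightings: counts[0] },
      { value: "bad.example", sightings: counts[1] },
    ],
  });
  const atThreshold = processSightingsSearch(search([5, 0]), thresholds, incidents);
  const first = processSightingsSearch(search([6, 0]), thresholds, incidents);
  const repeat = processSightingsSearch(search([0, 9]), thresholds, incidents);
  return { atThreshold, first, repeat, total: incidents.length };
}
```

In `demo()`, the search that only reaches the threshold creates nothing, the next one creates a parent incident carrying both observables, and the repeat search over the same observables creates a child of it.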