Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Create a security incident from shared observables

Create a security incident from shared observables

Automatically create Security Incidents from threat intelligence shared with you, if the sighting count after a sightings search exceeds your preset threshold.

Before you begin

Role required: sn_si.analyst

Procedure

  1. Configure the sightings threshold.
  2. Define a threshold for each Sightings Search Source for which you want to automatically create security incidents when the defined threshold is exceeded.
    When the sighting count of any observable searched in your environment exceeds the threshold, a security incident is created and all the observables in the search are added to that security incident. If a security incident already exists with the same list of observables, the new incident is made a child incident.