Manage observables

Observables are artifacts found on a network or operating system that are likely to indicate an intrusion. Typical observables are IP addresses, MD5 hashes of malware files or URLs, or domain names. Threat Intelligence observable table data is available from within a security incident.

Observables information includes value, type, context, and timestamp.

You can create or delete observables manually or automatically through lookup requests.

A new Finding column has been added to the Threat Lookup Results tab. Possible values are: Malicious and Unknown.

  • If an IoC lookup request does not find a security incident observable, it is labeled Unknown.
  • If an IoC lookup request does find a security incident observable, it is labeled Malicious.

During an upgrade, existing items have the Finding column set to Malicious.

Note: While Threat Intelligence observables table data is part of a security incident, no other interaction with the Threat Intelligence module is included. For full threat functionality, the Threat Intelligence plugin is available by subscription.