Identify indicator sources
-
- UpdatedJan 30, 2025
- 1 minute read
- Yokohama
- Threat Intelligence
Indicator sources are normally tracked automatically as part of the threat import process, but more sources can be manually added.
Before you begin
Role required: sn_ti.write
Procedure
- Navigate to .
- Click the indicator to which you want to add indicator sources.
- Click the Indicator Sources related list.
- Click Edit.
- As needed, use the filters to locate the indicator source you want to associate with the IoC.
- Using the slushbucket, add the indicator source to the Indicator Sources list.
- Click Save.
Related Content
- View an IoC
IoCs, sometimes referred to as indicators, are most typically retrieved from a threat data source as STIX data. If needed, you can also create IoCs.
- Add a related observable to an IoC
In addition to importing observables as STIX data, you can add related observables to an IoC manually.
- Add a related attack mode/method to an IoC
In addition to importing related attack modes/methods as STIX data, you can add related attack modes/methods to an IoC manually.
- Identify associated indicator types
If an IoC has no associated indicator types defined, it tracks all types of observables. However, if you associate one or more types of indicators to an IoC, it limits the types of observables that can be associated with the IoC.
- Add associated tasks to an IoC
In addition to importing associated tasks (such as changes and incidents) as STIX data, you can add them to an IoC manually.