Analyze and assess threat IoC’s

  • Release version: Australia
  • Updated 12 March 2026
  • 1 minute read
  • Learn how to analyze IoCs that are a threat and notify the security incident team.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    This flow runs whenever a sighting search enrichment is requested and all of the following conditions hold:
    • the observable is sighted (Sighting count > 0), and
    • Observable Reputation is Malicious, and
    • Observable Threat Score is > 80, and
    • Observable Confidence is > 80

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select the Analyze, assess the IoCs related to the threat and create incident action link to view the respective rule details in Flow Designer.
    4. View the Flow Designer action for the following trigger:
      Sighting Created where (Sighting count greater than 0, and Observable.Reputation is Malicious, and Observable.Threat Score greater than 80, and Observable.Confidence greater than 80)
    5. If Sighting Created where (Sighting count greater than 0, and Observable.Reputation is Malicious, and Observable.Threat Score greater than 80, and Observable.Confidence greater than 80), then:
      1. Create a security incident and add the observable to the incident.
      2. Add Observables to Security Incident V1.
      3. Send an email communication.
    Figure: Analyze, assess the IoCs related to the threat and create incident.
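The trigger conditions above, expressed as an added JavaScript example so the boundary cases are explicit (a count of 0 and a score of exactly 80 do not fire). This is not ServiceNow's Flow Designer code; the record field names (sightingCount, observable.reputation, observable.threatScore, observable.confidence) and the sample sightings are constructed assumptions.

```javascript
// Added example: evaluates the "Sighting Created" trigger conditions from
// the page against constructed sighting records. Field names are assumed;
// they are not the Flow Designer or Threat Intelligence Security Center schema.

const THREAT_SCORE_MIN = 80; // "Threat Score greater than 80" (strict)
const CONFIDENCE_MIN = 80;   // "Confidence greater than 80" (strict)

// Coerce to a number; missing or non-numeric fields become NaN, which fails every comparison.
function toNumber(v) {
  const n = Number(v);
  return Number.isFinite(n) ? n : NaN;
}

// True only when all four trigger conditions hold.
function meetsTriggerConditions(sighting) {
  const obs = sighting.observable || {};
  const count = toNumber(sighting.sightingCount);
  const score = toNumber(obs.threatScore);
  const conf = toNumber(obs.confidence);
  // Reputation label compared case-insensitively (assumption).
  const rep = String(obs.reputation || '').trim().toLowerCase();
  return count > 0 && rep === 'malicious' && score > THREAT_SCORE_MIN && conf > CONFIDENCE_MIN;
}

// Mirrors the flow's actions: an incident with the observable attached plus an
// email notification payload. Returns null when the trigger does not fire.
function buildIncidentAction(sighting) {
  if (!meetsTriggerConditions(sighting)) return null;
  const obs = sighting.observable;
  return {
    incident: { shortDescription: `Malicious sighting of ${obs.value}`, observables: [obs.value] },
    email: { subject: `Security incident created for ${obs.value}` },
  };
}

// Constructed sample sightings (not real indicators).
const SAMPLE_SIGHTINGS = [
  { id: 's1', sightingCount: 3, observable: { value: 'example-ioc-1', reputation: 'Malicious', threatScore: 95, confidence: 90 } },
  { id: 's2', sightingCount: 0, observable: { value: 'example-ioc-2', reputation: 'Malicious', threatScore: 95, confidence: 90 } }, // never sighted
  { id: 's3', sightingCount: 2, observable: { value: 'example-ioc-3', reputation: 'Malicious', threatScore: 80, confidence: 90 } }, // 80 is not > 80
  { id: 's4', sightingCount: 5, observable: { value: 'example-ioc-4', reputation: 'Suspicious', threatScore: 99, confidence: 99 } },
];

// Returns the ids of sightings that would create an incident.
function escalatedIds(sightings) {
  return sightings.filter(meetsTriggerConditions).map((s) => s.id);
}
```

Only s1 escalates; s2 fails the sighting count, s3 sits on the strict threshold, and s4 has the wrong reputation.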