1. Navigate to Workspaces > Threat Intelligence Security Center > Integrations.
2. From the Integrations page, navigate to Enrichment Integrations > Sighting Search.
3. Look for the integration for which you want to view the Sighting Search Configuration, and click Edit.
4. Select the Sighting Search Configurations tab.

   You can view the list of sighting search configurations.

   

5. Click on the required Sighting Search Configuration to view the details of the configuration.
6. To generate a test sighting search query, click the Generate Test Sighting Search Query action.
   Hinweis:

   The Generate Test Sighting Search Query action would only work if you had configured sighting search query parameters. For more information, see Using Sighting Search Parameters.
7. In the Generate Test Sighting Search Query pop-up, enter or paste multiple observables using comma, new line, tab, or pipe separators to generate a test query.
8. Click Generate to generate the test sighting search query.
9. You can also perform the following actions on the Sighting Search Configurations tab:
   1. To refresh the list of sighting search configurations, click the icon.
   2. To perform a list action on the sighting search configurations, click the icon.
      You can perform the following two list actions:

      • Edit columns: You can use this action to add or remove existing columns and modify the order according to your requirements.
      • Reset widths: You can use this action to reset the widths of the columns.
   3. To filter sighting search configurations based on conditions, click the icon.

      The value 1 indicates that one condition is used for the filtering.

Maximum observables per search = "maximum number of observables that can be substituted in a single search query"

Search = "Search query that should be executed in sighting search source. 
Search query can contain substitution variables that would be substituted with observables of specific type as configured in sighting search parameters when sighting search query is formed"

1. Navigate to Workspaces > Threat Intelligence Security Center > Integrations.
2. From the Integrations page, navigate to Enrichment Integrations > Sighting Search.
3. Look for the integration for which you want to view the Sighting Search Configuration, and click Edit.
4. Select the Sighting Search Configurations tab.

   You can view the list of sighting search configurations.

5. To create a sighting search configuration, click New.

   

6. On the form, fill the fields.

   Tabelle : 1. Create a sighting search configuration

   Field	Description
   Name	Name for the sighting search configuration.
   Observable type	Defines the type of observable category.
   Sightings search source	Defines the source configured for the integration.
   Maximum observables per search	The number of observables before the search query is split into multiple queries. Set this value to 500 for this integration.
   Search	Add a native search string to form a query. For example, ${observable}.
   Is saved search	Runs a saved search, that is, the Name field should match the name of the saved search.
   Active	Query runs only if it active option is selected.

7. Click Save.