Publish observables to a third-party watchlist

  • Release version: Australia
  • Updated Mar 12, 2026
  • 1 min read

    You can publish one or more observables or associated indicators to a third-party watchlist. Currently, the only implementation that supports this functionality is CrowdStrike Falcon Host.

    Before you begin

    Role required: sn_si.analyst

    Why and when to perform this task

    Note:
    If no implementations are available, capability actions are not displayed in product menus.

    Procedure

    1. Navigate to a security incident.
    2. Select Observables from the Related List tab.
    3. Click Publish to Watchlist in the Actions on selected rows... drop-down menu.
      The dialog box appears.
    4. Enter or choose the implementation.
      Note:
      A workflow is triggered by the Security Operations Integration - Publish to Watchlist capability when you select the CrowdStrike Falcon Host implementation.
    5. Click Submit.