Publish observables to a third-party watchlist

  • Release version: Australia
  • Updated March 12, 2026
You can publish one or more observables or associated indicators to a third-party watchlist. Currently, the only implementation that supports this functionality is CrowdStrike Falcon Host.

    Before you begin

    Role required: sn_si.analyst

    About this task

    Note:
    If no implementations are available, capability actions are not displayed in product menus.

    Procedure

    1. Navigate to a security incident.
    2. Select Observables from the Related List tab.
    3. Click Publish to Watchlist in the Actions on selected rows... drop-down menu.
      The dialog box appears.
    4. Enter or choose the implementation.
      Note:
      A workflow is triggered by the Security Operations Integration - Publish to Watchlist capability when you select the CrowdStrike Falcon Host implementation.
    5. Click Submit.