Analyze, assess, and disseminate observables

  • Version: Australia
  • Updated 12 March 2026
  • 1 minute read
  • Learn how to analyze and disseminate observables that are related to a threat.

    Before you begin

    Role required:
    • System Administrator (view, create or edit)
    • sn_sec_tisc.admin (view)

    About this task

    This flow runs whenever a sighting search enrichment is requested for an observable and the search returns no sightings.

    Procedure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Automated Flows.
    3. Select Analyze, assess and disseminate on the IoCs related to threat action link to view the respective rule details in the flow designer.
    4. View the flow designer action for the following trigger:
      Sighting Created where (Sighting count is 0)
    5. If the observable has a threat score greater than 80, a confidence greater than 80, and a malicious reputation:
      1. Add the observable to deny list.
      2. End the flow for this observable.
    6. Otherwise, if the observable's reputation is suspicious and its threat score is in the range 60-80:
      1. Add a tag called Potential New Threat.
      2. Add the observable to watch list.
      3. Create a case task with CTI team to track this observable and analyze further.
      4. Link observable to the case for investigation.
    Figure: Analyze, assess, and disseminate on the IoCs related to threat.
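The two branches above are a triage policy with thresholds, and it is worth checking how observables near the boundaries fall before relying on the flow. The following is an added example, not ServiceNow's flow or code: it models the trigger condition and the decision rules of steps 4 to 6 as plain JavaScript so they can be run against constructed sample observables. The field names (`reputation`, `threatScore`, `confidence`, `sightingCount`), the action labels and the sample values are assumptions chosen for this example.

```javascript
// Added example (not ServiceNow's flow or code). Field names, action labels
// and sample values are assumptions made for illustration.

const DENY_LIST_THRESHOLD = 80;     // step 5: score > 80 and confidence > 80
const WATCH_LIST_RANGE = [60, 80];  // step 6: score in the range 60-80, inclusive

// Returns the ordered list of actions the flow would take for one observable,
// or an empty list when neither branch applies.
function triageObservable(obs) {
  // Step 4 trigger: the flow only runs for a sighting whose count is 0.
  if (obs.sightingCount !== 0) {
    return [];
  }

  const malicious = obs.reputation === 'malicious';
  const suspicious = obs.reputation === 'suspicious';

  // Step 5: high score, high confidence, malicious -> deny list and stop.
  if (malicious &&
      obs.threatScore > DENY_LIST_THRESHOLD &&
      obs.confidence > DENY_LIST_THRESHOLD) {
    return ['add_to_deny_list', 'end_flow'];
  }

  // Step 6: suspicious and score in 60-80 -> tag, watch list, case task, link.
  if (suspicious &&
      obs.threatScore >= WATCH_LIST_RANGE[0] &&
      obs.threatScore <= WATCH_LIST_RANGE[1]) {
    return [
      'add_tag:Potential New Threat',
      'add_to_watch_list',
      'create_case_task:CTI',
      'link_observable_to_case',
    ];
  }

  // Neither branch matched: the flow takes no action on this observable.
  return [];
}

// Runs the triage over a list and pairs each observable with its actions.
function triageAll(list) {
  return list.map((o) => ({ value: o.value, actions: triageObservable(o) }));
}

// Constructed sample observables (documentation-range addresses, invented scores).
const samples = [
  { value: '198.51.100.7', reputation: 'malicious',  threatScore: 95, confidence: 90, sightingCount: 0 },
  { value: 'bad.example',  reputation: 'suspicious', threatScore: 65, confidence: 50, sightingCount: 0 },
  { value: '203.0.113.9',  reputation: 'malicious',  threatScore: 80, confidence: 90, sightingCount: 0 }, // boundary
  { value: '192.0.2.1',    reputation: 'malicious',  threatScore: 95, confidence: 90, sightingCount: 3 }, // has sightings
];

for (const r of triageAll(samples)) {
  console.log(r.value, '->', r.actions.length ? r.actions.join(', ') : '(no action)');
}
```

Running this shows one consequence of the rules as written: a malicious observable with a threat score of exactly 80 matches neither branch, because step 5 requires a score greater than 80 and step 6 requires a suspicious reputation, so it leaves the flow with no tag, no watch-list entry and no case task. Whether that is acceptable is a policy decision for the CTI team; the point of modelling the rules is to make such gaps visible before the flow is trusted in production.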