Run Observable Enrichment

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Select one or more implementations as applicable to run threat lookup on observables.

    Antes de Iniciar

    Role required: sn_sec_tisc.admin

    Procedimento

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click Threat Analyst Workbench icon.
    3. Go to Observables > All Observables.
    4. Open any observable record.
    5. Click Run Observable Enrichment.
      The Run Observable Enrichment Select Implementations modal screen is displayed.
      Nota:
      Only supported records will be submitted against the selected implementation(s)
    6. Select the required implementation(s) (for example, WHOIS) from the list.
      Run Observable Enrichment
    7. Click Submit.
      The selected enrichment action will be executed and an information message is displayed that Threat lookup execution has started.
      Nota:
      • Once the execution initiated or completed, a work notes is posted on the activity stream of the form view.
      • The enrichment results pushed from SIR workspace can be found in the Enrichment Results tab of that corresponding Observables details page in TISC Workspace.
      • The enrichment results pushed from SIR workspace can be identified using Source field of the enrichment result table.