TISC Library Objects form view

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of TISC Library Objects form view

    The Threat Intelligence Security Center (TISC) Library Objects form view provides a comprehensive interface for managing and interacting with Security Domain Objects (SDOs) within ServiceNow. It consolidates detailed threat intelligence information, source records, related data, and enrichment results to assist security analysts in threat investigation and response.

    Show full answer Show less

    Key Features

    • Details tab: View or edit SDOs in a structured form.
    • Source Records tab: Displays aggregated source records automatically created from feeds or manually by users.
    • Related Records tab: Lists all records related to the SDO for comprehensive context.
    • Relationship Graph tab: Provides a visual map of related objects for easier threat understanding.
    • Internal Intelligence tab: Shows internal intelligence records linked to the objects.
    • Enrichment Results tab: Lists integrations that enrich the objects with additional data.
    • Form banner: Read-only summary displaying key fields such as Type, Confidence, Threat Score, Sightings, Status, and Expiration Time.
    • Form banner UI actions: Security controls allowing analysts to add observables to allow list, deny list, or watch list. These actions apply only to observables.
    • Form UI actions: Common actions include adding objects to cases, running observable enrichment, saving, and deleting records.
    • Right Contextual menu: Quick access to attachments, notes, and insights related to the object. Attachments pane is displayed by default for observables and indicators, enhancing documentation and collaboration.
    • Search functions: Two search options enable efficient discovery within the Threat Intel library:
      • Navigator Search: Search various objects within the TI library module.
      • Threat Intel Library Search: Search source records across multiple sources using flexible criteria, with results shown in a separate tab for easy browsing and refinement.

    Practical Benefits for ServiceNow Customers

    This form view equips security analysts with an integrated workspace to investigate threats thoroughly by correlating multiple intelligence sources and related records. The visual relationship graphs, enrichment integration, and quick access to attachments and notes streamline threat analysis workflows. The ability to manage observables through allow, deny, or watch lists directly from the form enhances operational security controls.

    Additionally, the robust search capabilities allow analysts to quickly locate relevant threat intelligence records, improving efficiency and response times. The form UI actions support seamless case management and data enrichment, ensuring that intelligence is actionable and well-documented.

    The Threat Intelligence Security Center objects home page consists of the following features.

    Use or navigate to these following sections and learn more about each SDOs in detail.

    TISC Objects home page view
    Table 1. TISC library objects form view
    Order Menu/Tab Description
    1 Details tab Use this section to view or edit the SDOs in the form view.
    2 Source Records tab Source records contribute to an aggregated record as displayed in the form view. These source records are auto created from feeds or manually created by the user.
    3 Related Records tab Lists all the related records associated with the SDO.
    4 Relationship Graph tab Visual representation of the related objects.
    5 Internal Intelligence tab Lists the internal intelligence records of the associated objects.
    6 Enrichment Results tab Lists the enrichment integrations associated with the objects.
    7 Form banner This is read-only section, which contains the key fields such as Type, Confidence, Threat score, Number of Sightings, Status and Expiration time.
    8 Form banner UI actions These are the security control lists that are available for you to click if they are needed to be added to the allow list, removed from the allow list (Deny list), or add it to the watch list based on the observables. Click to:
    • add to watch list
    • add to deny list
    • add to allow list
    Note:
    The Form actions are applicable only to Observables.
    9 Form UI actions The available form UI actions are:
    1. Add to Case: Add the objects to the case.
    2. Run Observable Enrichment: Run the enrichments to the selected objects.
    3. Save: Save the record.
    4. Delete: Delete the record.
    10 Right Contextual menu Provides easy access to the quick controls such as attachments, notes, and so on, based on the tasks associated with that object. This option is available across the remaining two tabs for the threat analyst to access whenever required.
    The contextual menu provides easy navigation to:
    1. Attachments: Attach any file that are related to the objects.
      Note:
      Whenever you either create a new observable, indicators, or any objects or view the existing objects, the Attachments pane is by default displayed on the respective form view. You can either click the Attachments icon on the right-contextual menu or go to Preferences > Workspaces and disable the Show the sidebar. For more information, see Configure Next Experience Workspace preferences.
    2. Insights: Add any additional information related to the observables or indicators which are associated with that object.
    NA Search in Navigator Use this search function to search for various objects within the Threat Intel (TI) library. For example, you can search for all observables records within the TI library module.
    NA Search in Threat Intel Library Use this search function to search for the source records across multiple sources based on your search criteria. The results will be displayed in a separate Search Results tab. For example, for an IP address 104.227.137.35, if you need to search the records, by entering 104.* then searching will narrowed down the records and displays the records that contains the IP address starting with 104 in the separate Search Results tab.
    • You can also modify the existing search keywords in the Search Criteria on the same Search Results page without going back to the Threat Library page.
    • Similarly, you can also search based on the name and description of any particular record.
    • Once the records are filtered and listed, you can click on the list view which will take you to the respective record in a new tab.