Data migration from SIR TI to TISC

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Data Migration Job Configuration in TISC enables you to move the existing Threat intelligence plugin data to TISC plugin data directly.

Before you begin

Role required: sn_sec_tisc.admin

About this task

Selective Record Migration: Only records from the selected table that meet specified conditions are migrated.
Include Relationships: Related records are migrated only if the Include Relationships check box is selected.
Entity Migration Status: Once an entity (observable or object) is migrated, it won't be included in further migrations unless it is being migrated as a related record.
Case Records: Only active records are migrated by default, unless the Include Closed Cases check box is selected.

Procedure

Navigate to All > Threat Intelligence Security Center > Data Migration Job Configuration.
Click New.

On the form, fill the fields as appropriate.

Table 1. Data Migration Job Configuration
Field	Description
Name	Name of the data migration.
Table	Select the table from which the records should be migrated to TISC. The TISC table options for migration are: Observable(sn_ti_observable) Indicator of Compromise(sn_ti_indicator) Security Case(sn_ti_case) STIX V2 objects (sn_ti_stix2_object) (options such as attack patterns, campaigns, course of action) Note: When you select the STIX V2 option then all the STIX objects are migrated except the MITRE ATT&CK as TISC has a different framework to migrate the MITRE ATT&CK. When you select to migrate security case then the closed cases won’t be migrated but only the active cases are migrated. For example, select Observable migration table.
Active	Select this check box if the data migration process is active.
Include Relationships	Select the check box to migrate the relationships of threat intelligence records to TISC records. Note: When you select this check box all the related entities are migrated along with the observable and If the check box is not selected, only the single observable will be migrated, without any related entities.
Include Closed Cases	Select this check box if you want to include the closed cases as part of case records migration.
Only Migrate Observables Associated to Security Incident	Select the check box for migrating the observables that are associated with the security incidents and if the check box is not selected, all the observables will be migrated, regardless of their association with security incidents.
Conditions	Option to select the conditions that can be used to filter data being migrated.
Additional Configurations
Confidence	Enter the confidence for the migrated TISC entities (observables or objects or indicators). The confidence should be between 0-100 range.
Expiry period (days)	The expiry period for the migrated TISC entities.

Note:

The system ignores or skips the records that are already migrated to TISC when fetched again.

Click Submit.
Click Execute Now to execute the data migration.
When you execute the data migration then a background job is run and the migration job gets created. This job creates a migration process and the batch size of these migration records is 5000.
Verify the migration job status under the Migration Job Runs section.
The job status will be queued and the maximum limit of the batch size should not be exceeding 5000 records. Click on the record to view the objects that are all migrated for that specific entity.
Verify the migration job status under the Migration Job Runs related list.
Click on the record to view the processing status.
Verify the batch migration status under the Migration Processing Queue records related list section in the migration job run record.
The batch size for migration of records is 5000.
Verify the TISC entities created as part of batch migration under respective related lists in Migration Processing Queue record.