In this section you can find information about observables.
Observables represent stateful properties (such as the MD5 hash of a file or the value of a registry key) or measurable events (such as the creation of a registry key or the deletion of a file) that are pertinent to the operation of computers and networks.
- Click the + to add an observable.
- Enter the Type.
- Type the Value.
- Select the TLP (White/Green/Amber/Red) from the options.
- Select the PAP (White/Green/Amber/Red) from the options.
- Switch on the button for Is IOC. (The IoC repository contains objects, and each object contains a specific piece of information.)
- Switch on the button for Has Been Sighted.
- Switch on the button for Ignore Similarity.
- Add Tags. (Refer to
- Type the Description.
- Click the Save and add another button.
- Click the Confirm button.
You can make use of any of the available actions.
- Click the Delete option to remove an observable.
A message pops up.
- Click the OK button.
- Click the Run Analyzers option.
A new window opens.
- Select one or more Analyzers from the list.
- Click the Run Analyzers button.
- Click the Responders option.
- Click the Pin/Unpin option to pin or unpin observables.
To export an observable details file:
- Click the Export option.
- A file is downloaded that can be exported/sent.
- Click the Copy data option.