How to Update the Status of an Observable
This topic provides step-by-step instructions for updating the status of an observable in TheHive.
Required permissions
Only users with the manageObservable permission can manage observables in TheHive.
Bulk updates
You can edit multiple observables at once. Follow the instructions in the Edit Multiple Observables topic.
Mark an observable as sighted
Mark an observable as sighted when you detect or observe it in your environment.
- Locate the observable you want to update.
- In the observable details, turn on the Sighted toggle.
- Select Save.
Mark an observable as an indicator of compromise (IOC)
Mark an observable as an indicator of compromise (IOC) if you recognize it as related to suspicious or malicious activity.
- Locate the observable you want to update.
- In the observable details, turn on the IOC toggle.
- Select Save.
Next steps
- Add an Observable
- Remove an Observable
- Edit Multiple Observables
- Pin an Observable
- Export Data from Observables
- Run Analyzers and Review Reports for an Observable
- Run Responders and Review Reports for an Observable
- Import Observables from Analyzer Reports
- Exclude an Observable from Similarity Checks