Indicators Page

Perform actions and search for indicators on the Indicators page.
The Indicators page displays indicator dashboards, a table or summary view of all indicators, and enables you to perform several indicator actions.
Indicator actions
You can perform the following actions on the Indicators page.
Action
Description
Create incident
Creates an incident from the selected indicators and populates relevant incident fields with indicator data.
Edit
You can edit a single indicator or select multiple indicators to perform a bulk edit.
Delete and Exclude
You can select to delete and exclude one on or more indicators from all indicator types or from a subset of indicator types.
If you select the
Do not add to exclusion list
check box, the selected indicators are only deleted.
Export
Exports the selected indicators to a CSV file.
Export (STIX)
Exports the selected indicators to a STIX file.
Upload a STIX file
Uploads a STIX file and adds the indicators from the file to the system.
Create a new indicator
Manually creates a new indicator in the system.
Indicator query
You can search for indicators using any of the available search fields, but there are several fields specific to indicators that you can use to search for indicators.
Field
Description
sourceBrands
Indicator feed or enrichment integrations.
sourceInstances
A specific instance of an indicator feed or enrichment integration.
expirationSource
The source of the indicator having expired status.
isShared
Whether the indicator is shared to tenant accounts (multi-tenant only).
tags
Tags applied to indicators.
comments
Search for keywords within indicators’ comments.

Recommended For You