Create Private Indicator
You can create a private indicator when you see a pattern of behavior or a set of conditions that indicate malicious behavior.
To create a private indicator, perform the following steps:
- Choose Intelligence > Indicators in the navigation menu and then click the Private tab to display the list of private indicators.
- Click Create Indicator in the upper right corner to open the drawer.
- Complete the form:

  Field | Description |
  ---|---|
  Title | Enter a short descriptive title to be used as the primary display and reference value. |
  Expiration | Required. By default, indicators are set to never expire. If you want to specify an expiration date, uncheck the Never expires check box and pick a date on the calendar. |
  Description | Enter a descriptive summary of the indicator that provides more details. |
  Short Description | Enter a single-line, short summary of the indicator. |
  Likely Impact | Enter the expected impact within the relevant context if the indicator occurs. |
  Tags | Enter searchable descriptors for the indicator, separated by commas. |
  External ID | Click Add External ID and enter the external reference ID in the text box. You can enter multiple external IDs. To remove an external ID, click the Delete icon next to it. |
  Origin | Enter the origin information for the indicator: Source - Enter the title of the source of the indicator; Source URI - Enter the URL of the source of the indicator. |
  Flags | Specify the confidence, severity, and TLP designation for the indicator: Confidence - Click the option that indicates the level of confidence in the accuracy of the indicator; Severity - Click the option that indicates the severity level of the indicator; TLP - Click the option for the TLP designation. |
  Kill Chain Phases | Check the check boxes for all relevant kill chain phases indicated by the indicator. |
  Indicator Type | Check the check boxes for all applicable type classifications to be assigned to the indicator. |
  External References | Click Add External Reference and enter information about external sources of the indicator in the text box. You can add multiple external references. To remove an external reference, click the Delete icon next to it. |

- Click Save. A message is displayed in the lower right corner indicating that the new indicator has been created.