Indicator Details

The Indicator Details page displays indicator and observable data for an incident.

Indicator Details Information

Field

Description

Name

The indicator name.

Description

The indicator description provided by the source.

Source

The source that contained the indicator.

Expires

The date and time the indicator will expire, based on the source's TTL value.

Action

The action associated with the indicator. For more information, see Edit Threat Intelligence Director Actions at the Source, Indicator, or Observable Level.

Indicators can inherit the Action setting from a parent source, and observables can inherit the Action setting from a parent indicator. For more information, see Inheritance in Threat Intelligence Director Configurations.

Publish

The publish setting for the indicator. For more information, see Pause or Publish Threat Intelligence Director Data at the Source, Indicator, or Observable Level.

Indicators can inherit the Publish setting from a parent source, and observables can inherit the Publish setting from a parent indicator. For more information, see Inheritance in Threat Intelligence Director Configurations.

Indicator Pattern

The observables and operators that form the indicator's pattern. Operators link the observables within the indicator. AND relationships are indicated with the AND operator. OR relationships are indicated with the OR operator or by a close grouping of several observables.

Optionally, click the Add to Do-Not-Block List button to add an observable to the Do Not Block list. For more information, see About Adding Threat Intelligence Director Observables to the Do Not Block List.