Indicator Summary Information

The Indicators page displays summary information for all indicators associated with configured sources.

Indicators Summary Information

Field

Description

Type

  • Indicators that have a single observable list the data type of that observable (URL, SHA-256, etc.)

  • Indicators that have two or more observables are listed as Complex.

Hover over the type to see the specific observable.

Name

The indicator name.

Source

The source that contained the indicator (the parent source).

Incidents

Information about any incidents associated with the indicator:

  • an icon specifying whether the incident is Partially or Fully realized

  • the number of incidents associated with the indicator

Action

The action associated with the indicator. For more information, see Edit Threat Intelligence Director Actions at the Source, Indicator, or Observable Level.

Indicators can inherit Action settings from a parent source, and observables can inherit Action settings from a parent indicator. For more information, see Inheritance in Threat Intelligence Director Configurations.

Publish

The publish setting for the indicator. For more information, see Pause or Publish Threat Intelligence Director Data at the Source, Indicator, or Observable Level.

Indicators can inherit Publish settings from a parent source, and observables can inherit Publish settings from a parent indicator. For more information, see Inheritance in Threat Intelligence Director Configurations.

Last Updated

The date and time threat intelligence director last updated the indicator.

Status

The current status of the indicator:

  • Pendingthreat intelligence director is ingesting the indicator's observables.

  • Completedthreat intelligence director successfully ingested all of the indicator's observables.

  • Completed With Errorsthreat intelligence director finished ingesting the indicator, but some observables are unsupported or invalid.