Source Status Details

When you hover over a source's Status value in the Sources summary page, threat intelligence director provides the additional details described below.

Data

Description

Status Message

Briefly describes the current status of the source.

Last Updated

Specifies the date and time threat intelligence director last updated the source.

Next Update

For TAXII and URL sources, this value specifies when threat intelligence director will update the source next.

Indicators

Specifies indicator counts:

  • Consumed—The number of indicators threat intelligence director processed during the most recent source update. This number represents all indicators contained in the update, regardless of whether they were ingested or discarded.

  • Discarded—The number of malformed indicators that the system did not add to threat intelligence director during the most recent update.

    Note

    For TAXII sources, threat intelligence director provides separate Last Update and Total indicator counts, because TAXII updates add incremental data, rather than replacing existing data. For indicators from other source types, threat intelligence director provides only the Last Update count, because updates from those sources replace the existing data set entirely.

    If all of an indicator's observables are Invalid, threat intelligence director discards the indicator.

Observables

Specifies observable counts:

  • Consumed—The number of observables threat intelligence director processed during the most recent source update. This number represents all observables contained in the update, regardless of whether they were ingested or discarded.

  • Unsupported—The number of unsupported observables that the system did not add to threat intelligence director during the most recent update.

    For more information about supported observable types, see information about content types in Source Requirements.

  • Invalid—The number of invalid observables that the system did not add to threat intelligence director during the most recent update.

    An observable is invalid if it is improperly constructed. For example, 10.10.10.10.123 is not a valid IPv4 address.

    Note

    For TAXII sources, threat intelligence director provides separate Last Update and Total observable counts, because TAXII updates add incremental data, rather than replacing existing data. For observables from other source types, threat intelligence director provides only the Last Update count, because updates from those sources replace the existing data set entirely.