Help Center> SecMaster> User Guide> Threat Operations> Indicator Management> Creating an Indicator

Updated on 2023-12-22 GMT+08:00

View PDF

Creating an Indicator

Scenario

The indicator library list displays information about all your indicators.

This section describes how to create an indicator.

Procedure

Log in to the management console.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 1 Workspace management page
In the navigation pane on the left, choose Threat Operations > Indicators.

Figure 2 Indicators

On the Indicators page, click Add. On the Add page, set parameters.

**Table 1** Indicator parameters
Parameter	Description
Indicator Name	Name of a user-defined threat indicator. The value can contain: Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
Type	Indicator type.
Threat Degree	Select a threat degree level. Black: dangerous Gray: minor White: secure
Data Source Product Name	Data source product name
Data Source Type	Type of the data source. The options are Huawei, Third-party, and Tenant.
Status	Indicator status. Possible values are Open, Closed, and Revoked.
(Optional) Confidence	Reliability of the selected indicator. The value ranges from 80 to 100.
(Optional) Owner	Primary owner of the indicator.
(Optional) Labels	Label of a user-defined counter.
First Occurrence Time	First occurrence time of the indicator.
Last Occurrence Time	Latest occurrence time of the indicator.
(Optional) Expiration Time	Expiration time of the indicator.
Invalid or not	Whether to invalidate the indicator. The default value is No.
Granularity	Granularity of the indicator. The options are First time observed, Self-produced data, To be purchased, and Query from external network.
Other parameters	You need to set the parameters based on the selected type. Set the parameters as prompted. For example, if you select ipv6 for Type, you also need to configure the IP address, email account, and region.

Click OK.

Parent topic: Indicator Management

Previous topic: Indicator Management

Next topic: Disabling Indicators

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel