Adding and Editing an Indicator
Scenario
The indicator library list displays information about all your indicators.
This section describes how to create and edit an indicator.
Adding an Indicator
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose .
Figure 2 Indicators
- On the Indicators page, click Add. On the Add page, set parameters.
Table 1 Indicator parameters

| Parameter | Description |
| --- | --- |
| Indicator Name | Name of a user-defined threat indicator. The value can contain: only uppercase letters, lowercase letters, digits, and the special characters: -_ () |
| Type | Indicator type. |
| Threat Degree | Select a threat degree level. Black: dangerous; Gray: minor; White: secure |
| Data Source Product Name | Data source product name |
| Data Source Type | Type of the data source. The options are Cloud Service, Third-party, and Private. |
| Status | Indicator status. Possible values are Open, Closed, and Revoked. |
| (Optional) Confidence | Reliability of the selected indicator. The value ranges from 80 to 100. |
| (Optional) Owner | Primary owner of the indicator. |
| (Optional) Labels | Label of a user-defined counter. |
| First Occurrence Time | First occurrence time of the indicator. |
| Last Occurrence Time | Latest occurrence time of the indicator. |
| (Optional) Expiration Time | Expiration time of the indicator. |
| Invalid or not | Whether to invalidate the indicator. The default value is No. |
| Granularity | Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks. |
| Other parameters | You need to set the parameters based on the selected type. Set the parameters as prompted. For example, if you select IPv6 for Type, you also need to configure the IP address, email account, and region. |
- Click OK.
Editing an Indicator
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose .
Figure 4 Indicators
- On the Indicators page, locate the target indicator and click Edit in the Operation column.
- On the Edit page that is displayed, edit indicator parameters.
Table 2 Indicator parameters

| Parameter | Description |
| --- | --- |
| Indicator Name | Name of a user-defined threat indicator. The value can contain: only uppercase letters, lowercase letters, digits, and the special characters: -_ () |
| Type | Indicator type. |
| Threat Degree | Select a threat degree level. Black: dangerous; Gray: minor; White: secure |
| Data Source Product Name | Name of the data source, which cannot be changed |
| Data Source Type | Type of the data source, which cannot be changed |
| Status | Indicator status. Possible values are Open, Closed, and Revoked. |
| Confidence | Reliability of the selected indicator. The value ranges from 80 to 100. |
| Owner | Primary owner of the indicator. |
| Labels | Label of a user-defined indicator. |
| First Occurrence Time | First occurrence time of the indicator. |
| Last Occurrence Time | Latest occurrence time of the indicator. |
| Expiration Time | Expiration time of the indicator. |
| Invalid or not | Whether to invalidate the indicator. The default value is No. |
| Granularity | Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks. |
| Other parameters | You need to set the parameters based on the selected type. Set the parameters as prompted. For example, if you select IPv6 for Type, you also need to configure the IP address, email account, and region. |
- Click OK.
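The constraints listed in Table 1 and Table 2 can be checked on a candidate record before it is typed into the Add or Edit page. The following is an added example, not SecMaster code. The record keys, the use of ISO 8601 timestamps, treating the space in `-_ ()` as an allowed character, and treating every field not marked optional as required are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Field names are hypothetical; allowed values come from the parameter tables.
NAME_RE = re.compile(r"[A-Za-z0-9_ ()-]+")  # assumes the space in "-_ ()" is allowed
ENUMS = {
    "threat_degree": {"Black", "Gray", "White"},
    "data_source_type": {"Cloud Service", "Third-party", "Private"},
    "status": {"Open", "Closed", "Revoked"},
    "granularity": {"First time observed", "In-house data", "To be purchased",
                    "Queried from external networks"},
}
REQUIRED = ["name", "type", "data_source_product_name",
            "first_occurrence", "last_occurrence", *ENUMS]

def validate_indicator(rec):  # returns a list of problems; empty means pass
    errors = [f"missing required field: {k}" for k in REQUIRED if not rec.get(k)]
    if rec.get("name") and not NAME_RE.fullmatch(rec["name"]):
        errors.append("name: character outside letters, digits and -_ ()")
    for field, allowed in ENUMS.items():
        if rec.get(field) and rec[field] not in allowed:
            errors.append(f"{field}: {rec[field]!r} not in {sorted(allowed)}")
    conf = rec.get("confidence")  # optional when adding an indicator
    if conf is not None and not (isinstance(conf, (int, float)) and 80 <= conf <= 100):
        errors.append("confidence: must be a number from 80 to 100")
    times = [rec.get("first_occurrence"), rec.get("last_occurrence")]
    if all(times):
        try:  # ISO 8601 strings are an assumption of this example
            first, last = map(datetime.fromisoformat, times)
            if first > last:
                errors.append("first_occurrence is later than last_occurrence")
        except (ValueError, TypeError):
            errors.append("occurrence times: not comparable ISO 8601 timestamps")
    if rec.get("type") == "IPv6":  # extra fields the page names for this type
        errors += [f"IPv6 indicator needs {k}" for k in
                   ("ip_address", "email_account", "region") if not rec.get(k)]
        try:
            ipaddress.IPv6Address(rec.get("ip_address") or "::")
        except ValueError:
            errors.append("ip_address: not a valid IPv6 address")
    return errors

SAMPLE = {  # constructed record; 2001:db8::/32 is the IPv6 documentation range
    "name": "scanner_v6 (lab)", "type": "IPv6", "threat_degree": "Black",
    "data_source_product_name": "Example IDS", "data_source_type": "Private",
    "status": "Open", "granularity": "In-house data", "confidence": 90,
    "first_occurrence": "2024-05-01T10:00:00", "last_occurrence": "2024-05-03T08:30:00",
    "ip_address": "2001:db8::10", "email_account": "soc@example.com", "region": "example-region"}
```

Calling `validate_indicator(SAMPLE)` returns an empty list; each violated constraint adds one message to the result.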