Help Center> SecMaster> User Guide (ME-Abu Dhabi Region)> Threat Operations> Indicator Management> Managing Indicators
Updated on 2023-10-31 GMT+08:00
View PDF

Managing Indicators

This section describes how to perform operations such as Viewing an Indicator, Editing an Indicator, and Deleting an Indicator.

Viewing an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Management

  4. In the navigation pane on the left, choose Threat Operations > Indicators.

    Figure 2 Indicators

  5. In the upper part of the Indicators page, view threat indicator statistics.

    Figure 3 Indicator overview
    • Indicator Type: displays the total number of indicators of all types and the number of indicators of the corresponding type.
    • Overdue Indicator: displays the total number of threat indicators that have expired and have not been closed.
    • Indicator Status: displays the total number of indicators in different states and the number of indicators in the corresponding state.
    • Threat Degree: displays the number of indicators corresponding to different threat levels.

  6. In the indicator management list, view the indicator details. For details about the parameters, see Table 1.

    You can view a maximum of 9,999 indicator records on the page.

    Table 1 Indicator parameters

    Parameter

    Description

    Indicator Name

    Indicator name.

    Indicator ID

    ID of an indicator.

    Threat Degree

    Threat degree corresponding to an indicator. The options are black, white, and gray.

    Type

    Indicator type.

    Status

    Indicator status. The options are Open, Closed, and Revoked.

    Confidence

    Confidence of an indicator.

    Owner

    Owner of an indicator.

    First Occurrence Time

    First occurrence time of the indicator.

    Creation Time

    Time when an indicator was created.

    Expiration Time

    Time when an indicator expires.

    Operation

    Operations that can be performed for an indicator, including editing, closing, and deleting an indicator.

  7. To view details about an indicator, click the indicator name. The indicator details are displayed on the right of the page.

Editing an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 4 Management

  4. In the navigation pane on the left, choose Threat Operations > Indicators.

    Figure 5 Indicators

  5. On the Indicators page, locate the target indicator and click Edit in the Operation column.
  6. On the Edit page that is displayed, edit indicator parameters.

    Table 2 Indicator parameters

    Parameter

    Description

    Indicator Name

    Name of a user-defined threat indicator. The value can contain:

    Only letters, digits, and special characters (-_()).

    Type

    Indicator type

    Threat Degree

    Select a threat level.

    • Black: dangerous
    • Gray: minor
    • White: secure

    Data Source Product Name

    Name of the data source, which cannot be changed

    Data Source Type

    Type of the data source, which cannot be changed

    Status

    Indicator status. Possible values are Open, Closed, and Revoked.

    Confidence

    Reliability of the selected indicator. The value ranges from 80 to 100.

    Owner

    Primary owner of the indicator.

    Labels

    Label of a user-defined indicator.

    First Occurrence Time

    First occurrence time of the indicator.

    Last Occurrence Time

    Latest occurrence time of the indicator.

    Expiration Time

    Expiration time of the indicator.

    Invalid or not

    Whether to invalidate the indicator. The default value is No.

    Granularity

    Granularity of the indicator. The options are First time observed, Self-produced data, To be purchased, and Query from external network.

    Other parameters

    You need to set the parameters based on the selected type.

    For example, if you select ipv6 for Type, you also need to configure the IP address, email account, and region.

  7. Click OK.

Deleting an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 6 Management

  4. In the navigation pane on the left, choose Threat Operations > Indicators.

    Figure 7 Indicators

  5. On the Indicators page, locate the target indicator and click Delete in the Operation column.
  6. In the dialog box that is displayed, click OK.

    Deleted indicators cannot be restored. Exercise caution when performing this operation.

Parent topic: Indicator Management