Managing Indicators
This section describes how to perform operations such as Viewing an Indicator, Editing an Indicator, and Deleting an Indicator.
Viewing an Indicator
- Log in to the management console.
- Click in the upper left corner of the page and choose .
- In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Management
- In the navigation pane on the left, choose Threat Operations > Indicators.
Figure 2 Indicators
- In the upper part of the Indicators page, view threat indicator statistics.
Figure 3 Indicator overview
- Indicator Type: displays the total number of indicators of all types and the number of indicators of the corresponding type.
- Overdue Indicator: displays the total number of threat indicators that have expired and have not been closed.
- Indicator Status: displays the total number of indicators in different states and the number of indicators in the corresponding state.
- Threat Degree: displays the number of indicators corresponding to different threat levels.
- In the indicator management list, view the indicator details. For details about the parameters, see Table 1.
You can view a maximum of 9,999 indicator records on the page.
Table 1 Indicator parameters Parameter
Description
Indicator Name
Indicator name.
Indicator ID
ID of an indicator.
Threat Degree
Threat degree corresponding to an indicator. The options are black, white, and gray.
Type
Indicator type.
Status
Indicator status. The options are Open, Closed, and Revoked.
Confidence
Confidence of an indicator.
Owner
Owner of an indicator.
First Occurrence Time
First occurrence time of the indicator.
Creation Time
Time when an indicator was created.
Expiration Time
Time when an indicator expires.
Operation
Operations that can be performed for an indicator, including editing, closing, and deleting an indicator.
- To view details about an indicator, click the indicator name. The indicator details are displayed on the right of the page.
Editing an Indicator
- Log in to the management console.
- Click in the upper left corner of the page and choose .
- In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 4 Management
- In the navigation pane on the left, choose Threat Operations > Indicators.
Figure 5 Indicators
- On the Indicators page, locate the target indicator and click Edit in the Operation column.
- On the Edit page that is displayed, edit indicator parameters.
Table 2 Indicator parameters Parameter
Description
Indicator Name
Name of a user-defined threat indicator. The value can contain:
Only letters, digits, and special characters (-_()).
Type
Indicator type
Threat Degree
Select a threat level.
- Black: dangerous
- Gray: minor
- White: secure
Data Source Product Name
Name of the data source, which cannot be changed
Data Source Type
Type of the data source, which cannot be changed
Status
Indicator status. Possible values are Open, Closed, and Revoked.
Confidence
Reliability of the selected indicator. The value ranges from 80 to 100.
Owner
Primary owner of the indicator.
Labels
Label of a user-defined indicator.
First Occurrence Time
First occurrence time of the indicator.
Last Occurrence Time
Latest occurrence time of the indicator.
Expiration Time
Expiration time of the indicator.
Invalid or not
Whether to invalidate the indicator. The default value is No.
Granularity
Granularity of the indicator. The options are First time observed, Self-produced data, To be purchased, and Query from external network.
Other parameters
You need to set the parameters based on the selected type.
For example, if you select ipv6 for Type, you also need to configure the IP address, email account, and region.
- Click OK.
Deleting an Indicator
- Log in to the management console.
- Click in the upper left corner of the page and choose .
- In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 6 Management
- In the navigation pane on the left, choose Threat Operations > Indicators.
Figure 7 Indicators
- On the Indicators page, locate the target indicator and click Delete in the Operation column.
- In the dialog box that is displayed, click OK.
Deleted indicators cannot be restored. Exercise caution when performing this operation.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot