Updated on 2024-11-21 GMT+08:00

Adding and Editing an Indicator

Scenario

The indicator library list displays information about all your indicators.

This section describes how to create and edit an indicator.

Adding an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Indicators.

    Figure 2 Indicators

  6. On the Indicators page, click Add. On the Add page, set parameters.

    Table 1 Indicator parameters

    Parameter

    Description

    Indicator Name

    Name of a user-defined threat indicator. The value can contain:

    Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()

    Type

    Indicator type.

    Threat Degree

    Select a threat degree level.

    • Black: dangerous
    • Gray: minor
    • White: secure

    Data Source Product Name

    Data source product name

    Data Source Type

    Type of the data source. The options are Cloud Service, Third-party, and Private.

    Status

    Indicator status. Possible values are Open, Closed, and Revoked.

    (Optional) Confidence

    Reliability of the selected indicator. The value ranges from 80 to 100.

    (Optional) Owner

    Primary owner of the indicator.

    (Optional) Labels

    Label of a user-defined counter.

    First Occurrence Time

    First occurrence time of the indicator.

    Last Occurrence Time

    Latest occurrence time of the indicator.

    (Optional) Expiration Time

    Expiration time of the indicator.

    Invalid or not

    Whether to invalidate the indicator. The default value is No.

    Granularity

    Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks.

    Other parameters

    You need to set the parameters based on the selected type. Set the parameters as prompted.

    For example, if you select IPv6 for Type, you also need to configure the IP address, email account, and region.

  7. Click OK.

Editing an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Indicators.

    Figure 4 Indicators

  6. On the Indicators page, locate the target indicator and click Edit in the Operation column.
  7. On the Edit page that is displayed, edit indicator parameters.

    Table 2 Indicator parameters

    Parameter

    Description

    Indicator Name

    Name of a user-defined threat indicator. The value can contain:

    Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()

    Type

    Indicator type.

    Threat Degree

    Select a threat degree level.

    • Black: dangerous
    • Gray: minor
    • White: secure

    Data Source Product Name

    Name of the data source, which cannot be changed

    Data Source Type

    Type of the data source, which cannot be changed

    Status

    Indicator status. Possible values are Open, Closed, and Revoked.

    Confidence

    Reliability of the selected indicator. The value ranges from 80 to 100.

    Owner

    Primary owner of the indicator.

    Labels

    Label of a user-defined indicator.

    First Occurrence Time

    First occurrence time of the indicator.

    Last Occurrence Time

    Latest occurrence time of the indicator.

    Expiration Time

    Expiration time of the indicator.

    Invalid or not

    Whether to invalidate the indicator. The default value is No.

    Granularity

    Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks.

    Other parameters

    You need to set the parameters based on the selected type. Set the parameters as prompted.

    For example, if you select IPv6 for Type, you also need to configure the IP address, email account, and region.

  8. Click OK.