Help Center/ SecMaster/ User Guide/ Threats/ Indicator Management/ Adding and Editing an Indicator
Updated on 2025-02-26 GMT+08:00
View PDF
Share

Adding and Editing an Indicator

Scenario

The indicator library list displays information about all your indicators.

This section describes how to create and edit an indicator.

Adding an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threats > Indicators.

    Figure 2 Indicators

  6. On the Indicators page, click Add. On the Add page, set parameters.

    Table 1 Indicator parameters

    Parameter

    Description

    Indicator Name

    Name of a user-defined threat indicator. The value can contain:

    Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()

    Type

    Indicator type.

    Threat Degree

    Select a threat degree level.

    • Black: dangerous
    • Gray: minor
    • White: secure

    Data Source Product Name

    Data source product name

    Data Source Type

    Type of the data source. The options are Cloud Service, Third-party, and Private.

    Status

    Indicator status. Possible values are Open, Closed, and Revoked.

    Confidence

    Reliability of the selected indicator. The value ranges from 80 to 100.

    Owner

    Primary owner of the indicator.

    Labels

    Label of a user-defined counter.

    First Occurrence Time

    First occurrence time of the indicator.

    Last Occurrence Time

    Latest occurrence time of the indicator.

    Expiration Time

    Expiration time of the indicator.

    Invalid or not

    Whether to invalidate the indicator. The default value is No.

    Granularity

    Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks.

    Display Name

    If Type is set to Email, you can customize the display name of an email.

    Familial

    If Type is set to Domain name, you can customize the family the domain name belongs to.

    Email Account

    If Type is set to IPv6, IPv4, Email, or Domain name, you can configure a custom email account.

    Region

    If Type is set to IPv6 or IPv4, you can configure the region an IP address belongs to.

    URL

    If Type is set to URL, you can customize URL information.

    DNS Category

    If Type is set to Domain name, you can customize the DNS category for the domain name.

    Description

    Description of the custom indicator.

    Value

    Enter the indicator value, such as IP, URL, and domain.

  7. Click OK.

Editing an Indicator

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  5. In the navigation pane on the left, choose Threats > Indicators.

    Figure 4 Indicators

  6. On the Indicators page, locate the target indicator and click Edit in the Operation column.
  7. On the Edit page that is displayed, edit indicator parameters.

    Table 2 Indicator parameters

    Parameter

    Description

    Indicator Name

    Name of a user-defined threat indicator. The value can contain:

    Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()

    Type

    Indicator type.

    Threat Degree

    Select a threat degree level.

    • Black: dangerous
    • Gray: minor
    • White: secure

    Data Source Product Name

    Name of the data source, which cannot be changed

    Data Source Type

    Type of the data source, which cannot be changed

    Status

    Indicator status. Possible values are Open, Closed, and Revoked.

    Confidence

    Reliability of the selected indicator. The value ranges from 80 to 100.

    Owner

    Primary owner of the indicator.

    Labels

    Label of a user-defined indicator.

    First Occurrence Time

    First occurrence time of the indicator.

    Last Occurrence Time

    Latest occurrence time of the indicator.

    Expiration Time

    Expiration time of the indicator.

    Invalid or not

    Whether to invalidate the indicator. The default value is No.

    Granularity

    Granularity of the indicator. The options are First time observed, In-house data, To be purchased, and Queried from external networks.

    MD5

    Enter the MD5 value of the indicator.

    SHA1

    Enter the SHA1 value of the indicator.

    SHA256

    Enter the SHA-256 value of the indicator.

    File type

    Enter the file type of the indicator.

    Compile Time

    Enter the compilation time of the indicator.

    File Name

    Enter the file name of the indicator.

    File MIME Type

    Enter the MIME type of the indicator file.

    Familial

    Enter the family the indicator belongs to.

    Category

    Enter the type of the indicator.

  8. Click OK.
Parent topic: Indicator Management