Updated on 2025-08-11 GMT+08:00

Overview

Indicators describe potential threats to your systems. Indicators provide necessary context for abnormal activities, so that you can quickly take measures to protect your personnel, information, and assets.

Indicators associate observation items such as URLs or IP addresses with known threat activities such as phishing or malware. Indicators are widely used in security products and automated services to detect and prevent potential threats to organizations. You can create and manage indicators to accelerate threat detection and rectification. You can manually add indicators or import indicators into SecMaster. Then you can use indicators to create custom playbooks for threat management, analysis, and handling.

You can manage indicators, including:

  • Adding an Indicator: If a potential threat to the system and users is detected, you can add indicators to record the threat. Security personnel can then quickly take measures to protect personnel, information, and assets, and accelerate threat detection and rectification.
  • Editing an Indicator: If the threat level, status, or owner of an indicator changes, you can edit the indicator information.
  • Closing and Deleting an Indicator: If the threat corresponding to an indicator is eliminated, you can close the indicator. If an indicator is incorrect or the threat scenario described by the indicator does not exist, you can delete the indicator. Deleted indicators cannot be restored. Exercise caution when performing this operation.
  • Importing an Indicator: You can batch add indicators by importing an indicator list.
  • Exporting Indicators: You can export an indicator list to a local PC to view indicator information or share indicator information with other team members.
  • Viewing Indicators: You can view the threat level, discovery time, and status of indicators. You can turn pages to view indicators or filter indicators based on the filter criteria.

Indicator Sources

Indicator Types

SecMaster supports the following indicator types: IPv6 addresses, URLs, emails, domain names, IPv4 addresses, and others (files, vulnerabilities, and weak passwords). You can configure Type when adding an indicator. For details, see Adding an Indicator.
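
The following added example (not part of SecMaster or its documentation) sorts a mixed list of raw observables into the indicator types listed above before they are added or imported, normalizing defanged values, removing duplicates, and marking IP addresses that are not globally routable for review. The type labels, function names, and output fields are assumptions made for illustration; they are not SecMaster API values or its import format.

```python
import ipaddress
import re
from urllib.parse import urlsplit
# Type labels follow the list in the text above; they are not SecMaster API values.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")
# Constructed sample input (reserved documentation ranges and example.com only).
SAMPLE = ["192.0.2[.]10", "2001:db8::1", "hxxps://login.example[.]com/reset",
          "Billing@Example.com", "Example.COM.", "example.com", "d41d8cd98f00b204e9800998ecf8427e"]

def refang(value):
    """Undo common defanging (hxxp, [.], [:], [@]) so the value parses normally."""
    v = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return v.replace("[.]", ".").replace("[:]", ":").replace("[@]", "@")

def classify(value):
    """Return (type, normalized value) for one raw observable."""
    v = refang(value)
    try:
        ip = ipaddress.ip_address(v.strip("[]"))
        return ("IPv4" if ip.version == 4 else "IPv6", ip.compressed)
    except ValueError:
        pass  # not an IP literal, keep trying the other types
    try:
        parts = urlsplit(v)
    except ValueError:
        return ("Other", v)
    if parts.scheme.lower() in ("http", "https", "ftp") and parts.hostname:
        return ("URL", v)
    m = EMAIL_RE.match(v)
    if m and DOMAIN_RE.match(m.group(1).lower()):
        return ("Email", v.lower())
    host = v.lower().rstrip(".")
    return ("Domain name", host) if DOMAIN_RE.match(host) else ("Other", v)

def triage(raw_values):
    """Classify, de-duplicate, and mark IPs that are not globally routable."""
    seen, rows = set(), []
    for raw in raw_values:
        kind, norm = classify(raw)
        if (kind, norm) not in seen:
            seen.add((kind, norm))
            review = kind.startswith("IPv") and not ipaddress.ip_address(norm).is_global
            rows.append({"type": kind, "value": norm, "review": review})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Values that fall through to "Other" (file hashes, vulnerability identifiers, and so on) still need a person to pick the right type, and a bare file name such as `name.ext` can look like a domain name, so check "Domain name" rows that came from file-related sources.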