Observable Types
Configure and manage observable types to categorize and track different types of indicators in your threat intelligence.
Overview
The Observable Types section allows you to define and manage different types of observables that can be tracked in your threat intelligence operations. These types help categorize various indicators such as IP addresses, domains, file hashes, and other digital artifacts that you monitor.
Managing Observable Types
Creating a New Type
Click the “Create” button to add a new observable type, then configure the following settings:
- Type name
- Description
- Category
- Validation rules
- Display format
Common Observable Types
Network Indicators
- IP Address
  - IPv4 format
  - IPv6 format
  - CIDR notation
- Domain Names
  - Fully Qualified Domain Names (FQDN)
  - Wildcards
  - IDN support
- URLs
  - Web addresses
  - URI patterns
  - Protocol specifications
File Indicators
- File Hashes
  - MD5
  - SHA-1
  - SHA-256
  - SHA-512
- File Names
  - Extensions
  - Patterns
  - Regular expressions
- File Paths
  - Directory structures
  - Path patterns
System Indicators
- Registry Keys
  - Windows registry paths
  - Value names
  - Data types
- Process Names
  - Executable names
  - Command lines
  - Process patterns
- Service Names
  - Windows services
  - Unix daemons
  - Service patterns
Communication Indicators
- Email Addresses
  - Address formats
  - Domain validation
  - Pattern matching
- User Accounts
  - Usernames
  - Account IDs
  - Platform identifiers
- Communication Protocols
  - Port numbers
  - Protocol identifiers
  - Service definitions
Best Practices
Type Definition
- Use clear, descriptive names
- Provide detailed descriptions
- Set appropriate validation rules
- Include example values
Organization
- Group related types
- Maintain consistent naming
- Use categories effectively
- Consider type relationships
Validation Rules
- Define format requirements
- Set value constraints
- Configure pattern matching
- Implement data validation
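As an added example (not part of this documentation or the product's own code), the following Python script implements validation rules for several of the observable types listed under Common Observable Types (IP address, CIDR, file hash, URL, email address, domain name) and classifies a raw value or rejects it; the type names returned and the accepted URL schemes are assumptions chosen for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths of the hash algorithms listed on this page.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# One DNS label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
URL_SCHEMES = {"http", "https", "ftp"}  # assumption: schemes accepted for the URL type


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_domain(value):
    """FQDN rule: IDNA-encode (covers IDN labels), then check labels and an alphabetic TLD."""
    try:
        ascii_form = value.encode("idna").decode("ascii")
    except UnicodeError:  # empty label, over-long label or bad IDN
        return False
    labels = ascii_form.lower().rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels) and labels[-1].isalpha()


def classify(value):
    """Return the observable type a raw value validates as, or None if it matches no rule."""
    v = value.strip()
    # IPs and CIDR ranges first, so "10.0.0.1" is never accepted as a domain name.
    if is_ip(v):
        return "ip-address"
    if "/" in v and "://" not in v:
        try:
            ipaddress.ip_network(v, strict=False)  # rejects bad prefixes such as /33
            return "cidr"
        except ValueError:
            pass
    if HEX_RE.match(v.lower()) and len(v) in HASH_LENGTHS:
        return "hash:" + HASH_LENGTHS[len(v)]
    try:
        parts = urlsplit(v)
        host = parts.hostname
        if parts.scheme in URL_SCHEMES and host and (is_domain(host) or is_ip(host)):
            return "url"
    except ValueError:  # e.g. malformed IPv6 literal in the URL
        pass
    local, at, dom = v.rpartition("@")
    if at and local and "@" not in local and not re.search(r"\s", local) and is_domain(dom):
        return "email-address"
    return "domain-name" if is_domain(v) else None
```

Values that fail every rule return None, which is the signal to reject the input rather than store an indicator of an unknown type.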
Maintenance
- Review type usage
- Update definitions
- Document changes
- Monitor effectiveness
Using Observable Types
In Cases
- Threat indicators
- IOC tracking
- Evidence collection
- Pattern matching
In Analysis
- Indicator correlation
- Pattern detection
- Threat hunting
- Intelligence gathering
In Reports
- Indicator statistics
- Type distribution
- Trend analysis
- Intelligence reporting