Overview

The Observable Types section allows you to define and manage different types of observables that can be tracked in your threat intelligence operations. These types help categorize various indicators such as IP addresses, domains, file hashes, and other digital artifacts that you monitor.

Managing Observable Types

Creating a New Type

Click the “Create” button to add a new observable type.

Configure the following settings:

  • Type name
  • Description
  • Category
  • Validation rules
  • Display format

Common Observable Types

Network Indicators

  • IP Address
    • IPv4 format
    • IPv6 format
    • CIDR notation
  • Domain Names
    • Fully Qualified Domain Names (FQDN)
    • Wildcards
    • IDN support
  • URLs
    • Web addresses
    • URI patterns
    • Protocol specifications

File Indicators

  • File Hashes
    • MD5
    • SHA-1
    • SHA-256
    • SHA-512
  • File Names
    • Extensions
    • Patterns
    • Regular expressions
  • File Paths
    • Directory structures
    • Path patterns

System Indicators

  • Registry Keys
    • Windows registry paths
    • Value names
    • Data types
  • Process Names
    • Executable names
    • Command lines
    • Process patterns
  • Service Names
    • Windows services
    • Unix daemons
    • Service patterns

Communication Indicators

  • Email Addresses
    • Address formats
    • Domain validation
    • Pattern matching
  • User Accounts
    • Usernames
    • Account IDs
    • Platform identifiers
  • Communication Protocols
    • Port numbers
    • Protocol identifiers
    • Service definitions

Best Practices

Type Definition

  • Use clear, descriptive names
  • Provide detailed descriptions
  • Set appropriate validation rules
  • Include example values

Organization

  • Group related types
  • Maintain consistent naming
  • Use categories effectively
  • Consider type relationships

Validation Rules

  • Define format requirements
  • Set value constraints
  • Configure pattern matching
  • Implement data validation
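As an added example (not the product's own code or data model), the Python sketch below ties together the settings listed under "Creating a New Type" and the practices above: each type carries a name, description, category, a validation rule and a display format, and one function applies the rule and normalises the value for storage. The type names, helper functions and sample values are assumptions chosen for illustration; the IPv4/IPv6/CIDR, FQDN (with IDN), hash-length and email checks correspond to the common types listed earlier.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical registry of observable types (assumption for this example, not the
# product's own model). Each entry holds the five settings from "Creating a New Type".


@dataclass(frozen=True)
class ObservableType:
    name: str
    description: str
    category: str
    validate: Callable[[str], bool]                 # validation rule
    display: Callable[[str], str] = lambda v: v     # display format (normalised form)


def _ip(value: str, version: int) -> bool:
    try:
        return ipaddress.ip_address(value).version == version
    except ValueError:
        return False


def _cidr(value: str) -> bool:
    # strict=True rejects host bits set in the prefix (10.0.0.1/24): almost always a
    # data-entry error, and a range observable should describe a real network.
    try:
        return "/" in value and ipaddress.ip_network(value, strict=True) is not None
    except ValueError:
        return False


_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_FQDN_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)+[a-z][a-z0-9-]{{1,62}}$", re.IGNORECASE)


def _to_ascii_domain(value: str) -> str:
    # IDN support: Unicode labels become their xn-- (punycode) form before the ASCII
    # label rules apply; raises UnicodeError on empty or over-long labels.
    return value.rstrip(".").encode("idna").decode("ascii").lower()


def _fqdn(value: str) -> bool:
    try:
        return bool(_FQDN_RE.match(_to_ascii_domain(value)))
    except UnicodeError:
        return False


def _hex(length: int) -> Callable[[str], bool]:
    # Hash types differ only in digest length: MD5 32, SHA-1 40, SHA-256 64, SHA-512 128.
    pattern = re.compile(rf"^[0-9a-f]{{{length}}}$", re.IGNORECASE)
    return lambda v: bool(pattern.match(v))


_EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")


def _email(value: str) -> bool:
    m = _EMAIL_RE.match(value)
    return bool(m) and _fqdn(m.group(1))   # domain validation on the right-hand side


TYPES: Dict[str, ObservableType] = {
    t.name: t for t in (
        ObservableType("ipv4", "IPv4 address", "network", lambda v: _ip(v, 4)),
        ObservableType("ipv6", "IPv6 address", "network", lambda v: _ip(v, 6),
                       lambda v: ipaddress.ip_address(v).compressed),
        ObservableType("cidr", "Network range in CIDR notation", "network", _cidr),
        ObservableType("domain", "Fully qualified domain name", "network", _fqdn, _to_ascii_domain),
        ObservableType("md5", "MD5 file hash", "file", _hex(32), str.lower),
        ObservableType("sha1", "SHA-1 file hash", "file", _hex(40), str.lower),
        ObservableType("sha256", "SHA-256 file hash", "file", _hex(64), str.lower),
        ObservableType("sha512", "SHA-512 file hash", "file", _hex(128), str.lower),
        ObservableType("email", "Email address", "communication", _email, str.lower),
    )
}


def validate_observable(type_name: str, value: str) -> Optional[str]:
    """Return the display form of `value` if it satisfies the type's rule, else None."""
    t = TYPES.get(type_name)
    if t is None:
        raise KeyError(f"unknown observable type: {type_name}")
    value = value.strip()
    return t.display(value) if t.validate(value) else None


def detect_type(value: str) -> Optional[str]:
    """Pattern matching: name the first registered type whose rule accepts `value`."""
    value = value.strip()
    for t in TYPES.values():
        if t.validate(value):
            return t.name
    return None


if __name__ == "__main__":
    # Constructed sample values, including two that should be rejected.
    for sample in ["10.0.0.1", "2001:0db8::0001", "10.0.0.1/24", "10.0.0.0/24",
                   "bücher.example", "D41D8CD98F00B204E9800998ECF8427E", "analyst@example.com"]:
        print(f"{sample!r:40} -> {detect_type(sample)}")
```

Storing the display form rather than the raw input is what makes later correlation work: an IPv6 address entered in expanded form, a hash typed in upper case, or a Unicode domain all collapse to one canonical string, so the same indicator seen twice is matched rather than duplicated.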

Maintenance

  • Review type usage
  • Update definitions
  • Document changes
  • Monitor effectiveness

Using Observable Types

In Cases

  • Threat indicators
  • IOC tracking
  • Evidence collection
  • Pattern matching

In Analysis

  • Indicator correlation
  • Pattern detection
  • Threat hunting
  • Intelligence gathering

In Reports

  • Indicator statistics
  • Type distribution
  • Trend analysis
  • Intelligence reporting