Manually add observables from entities overview#

You can create one or more new observables and link it to the currently open entity by selecting + Observable under the Observables section.

Note

If an observable you create here matches an observable rule with an ignore action, it does not appear when the you publish the entity.

In the Add observable view that appears, fill out these fields:

Field

EIQ JSON field

Description

Type*

extracts[].kind

See Observable types

Link name*

See Observable link names

See Observable link names

Values(s)*

extracts[].value

Enter one or more values. One observable is created per value.

Values must be comma-separated, or newline-separated, but not both.

Maliciousness*

See Observable maliciousness

See Observable maliciousness