Observables tab

The Observables tab provides an overview of any observables belonging to the entity.

You can analyze them, set their maliciousness confidence level, and create new observables, indicators, or sightings from existing observables.

In the entity detail pane, click the Observables tab to display a list of any observables related to the entity.

To sort items by column header:

  1. Click the header of the column whose content you want to sort.

  2. Click the corresponding sort icon to sort the content in either ascending or descending order.

Observable information is organized in columns:

  • Type: specifies the observable data type.

  • Value: shows the observable value.

  • Relation: shows the observable relation to the entity.

  • Sighted: shows when the observable was first sighted in the system.

  • Conn: indicates the number of connections/links the observable has with other entities in EclecticIQ Intelligence Center.

  • First seen: the date when the observable was first sighted.

  • Maliciousness: The colored dot indicates if the observable is safe or malicious, as well as the maliciousness confidence level:

    • 1 gray dot: there is not enough information or evidence to assess whether the observable is safe or malicious.

    • 1 green dot: the observable is safe.

    • 1 red dot: the observable might be malicious (low confidence).

    • 2 red dots: the observable may be malicious (medium confidence).

    • 3 red dots: the observable is malicious (high confidence).

  • To refresh the view, if necessary, click the refresh icon.

Apply bulk actions

In the Observables tab you can apply actions to multiple observables at the same time:

  1. In the active view, select the checkboxes corresponding to the observables you want to process in bulk.

    A bar with the available options appears at the top.

  2. Choose one of the available actions:

    1. Enrich: enrich the selected entities with one or all the available enrichers.

    2. Add to: add the selected entities to a graph.

  3. The custom menu provides you with more options:

    1. Remove the selected observables from the entities they belong to.

    2. Create an indicator from the selected observables.

    3. Create a sighting from the selected observables.

    4. Set a maliciousness confidence level for the selected observables.