scoutTHREAT - Observables Overview
Written by Benjamin Dewey

According to STIX 2.1, Observables are captured artifact objects such as an IP address, a network connection, a file, or a registry key.

Here are the Observable items that you can add on scoutTHREAT:

  • Domain
  • URLs
  • MAC Addresses
  • IPv4 addresses
  • IPv6 addresses
  • Email Addresses
  • Email Messages
  • Mutex
  • Files
  • Windows Registry
  • Autonomous System (ASN)
  • Software
  • Network Traffic
  • Process

An Observable may be used by itself (without relationships) to convey raw data collected from any source including analyst reports, sandboxes, and network and host-based detection tools.

An intelligence producer conveying these artifacts should include as much context as possible so that consumers can put the data to use for improved security.


Observables can capture that a piece of information was seen one or more times. That is, they can record both a single observation of a single entity (a file, a network connection) and the aggregation of multiple observations of the same entity.
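As an added example, not code from scoutTHREAT or the STIX project, the following builds a STIX 2.1 Observed Data object around one of the observable types listed above and checks the fields that distinguish a single sighting from an aggregate of many; the sample IPv4 address and the choice of "value" as the id-contributing property are assumptions made for this illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 cyber-observable (SCO) types matching the items listed above.
SCO_TYPES = {"domain-name", "url", "mac-addr", "ipv4-addr", "ipv6-addr",
             "email-addr", "email-message", "mutex", "file",
             "windows-registry-key", "autonomous-system", "software",
             "network-traffic", "process"}
# Namespace STIX 2.1 assigns for deterministic (UUIDv5) SCO identifiers.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def sco_id(sco_type, id_props):
    """Deterministic SCO id: the same observable value yields the same id anywhere."""
    key = json.dumps(id_props, sort_keys=True, separators=(",", ":"))
    return f"{sco_type}--{uuid.uuid5(SCO_NAMESPACE, key)}"


def observed_data(scos, first, last, number_observed):
    """Observed Data SDO: number_observed=1 is a single sighting, >1 an aggregate."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"type": "observed-data", "spec_version": "2.1",
            "id": f"observed-data--{uuid.uuid4()}", "created": now, "modified": now,
            "first_observed": first, "last_observed": last,
            "number_observed": number_observed, "object_refs": [s["id"] for s in scos]}


def validate_observed_data(od, known_ids):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if not 1 <= od.get("number_observed", 0) <= 999999999:
        problems.append("number_observed must be between 1 and 999,999,999")
    # Timestamps are RFC 3339 UTC strings of one fixed format, so they sort lexically.
    if od.get("first_observed", "") > od.get("last_observed", ""):
        problems.append("first_observed is later than last_observed")
    if not od.get("object_refs"):
        problems.append("object_refs must name at least one observable")
    for ref in od.get("object_refs", []):
        if ref.split("--")[0] not in SCO_TYPES:
            problems.append(f"{ref}: not a cyber-observable type")
        elif ref not in known_ids:
            problems.append(f"{ref}: referenced object is missing")
    return problems


# Constructed sample: one IPv4 address (assumed value) seen 37 times in a day (aggregate).
IP = {"type": "ipv4-addr", "spec_version": "2.1", "value": "203.0.113.7"}
IP["id"] = sco_id("ipv4-addr", {"value": IP["value"]})
OD_AGG = observed_data([IP], "2024-01-10T00:00:00Z", "2024-01-10T23:59:59Z", 37)
```

Because the SCO id is derived from the observable's value, two producers reporting the same address produce the same id, which is what lets a consumer merge their observations.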

For more information on Observable Data, review STIX 2.1 documentation online.

