Observables
- Updated on 20 Feb 2023
The Observables report includes multiple tabs related to Observables, and is designed to help analyze them in the context of the alerts and incidents in which they appear.
The report includes a timestamp of the most recent data point included in the report (Data updated to), and a timestamp of when the graphics in the report were last refreshed (Last refreshed). Both of these timestamps are in UTC.
The time filter limits the report to observables created during the selected period.
Alerts Overview
This tab is intended to support analyses of observables, in the context of the alerts in which they appear.
By using the many filters, it is possible to narrow the report down to a small selection of the observables.
Once the filters have been set, you can click Show Details to open a new view showing the selected observables and the alerts in which they appear. In this view, you can select a single observable to see all of its alerts, or a single alert to see all of its observables.
Note that from version 2.8, the Alerts Overview tab has been removed.
Incidents Overview
This tab is intended to support analyses of observables, in the context of the incidents in which they appear.
By using the many filters, it is possible to narrow the report down to a small selection of the observables.
Once the filters have been set, you can click Show Details to open a new view showing the selected observables and the incidents in which they all appear. In this view, you can select a single observable to see all of its incidents, or a single incident to see all of its observables.