Environment
- CB ThreatHunter Web Console: All Versions
Objective
Create a custom watchlist from the Investigate page
Resolution
- Navigate to the Investigate page
- Execute a desired search query
- Select Add search to Threat Report under the search magnifying glass
- Under the Select a Watchlist heading in the Add Query modal, select Add New
- Enter a name for the watchlist
- Enter a description for the watchlist if desired
- Enable Alert on Hit if the watchlist is desired to alert users when IOCs match incoming data
- Enter a name for the Threat Report that will contain the search query executed previously in step 2.
- Enter a description for the threat report if desired
- Set a desired severity
- Enter any tags to be applied to the threat report
- Select Save
Related Content