A piece of data that provides additional information about unusual, suspicious, or malicious cyber activity, such as when it was observed and the level of risk it poses.

In Splunk Mission Control, observables become indicators after Threat Intelligence Management enriches and scores them for deeper context.

Related terms

For more information

In Investigate and Respond to Threats in Splunk Mission Control: