A suspicious indicator of a threat such as a URL, hash, or email address submitted to Threat Intelligence Management. You can automatically download observables from premium intelligence and open intelligence sources into Splunk KV stores and use them to alert against internal log events.

Related terms

For more information

In Investigate and Respond to Threats in Splunk Mission Control: