A piece of data indicating an event that has occurred or been observed on a computer system, network, or other digital entity. Observables can be malicious or benign.

For example, if someone uses an IP address to download a malicious program onto a computer, the IP address and computer are the observables, while the download of the malicious program is the event.

In Splunk Mission Control, Threat Intelligence Management records observables as part of an incident.

Related terms

For more information

In Investigate and Respond to Threats in Splunk Mission Control: