Security Incident and Threat Intelligence Integrations Questions
Practice questions for the Security Incident and Threat Intelligence Integrations topic in Certified Implementation Specialist - Security Incident Response. 28 questions cover this domain.
Which observable types are enriched by the Shodan integration?
Before Microsoft Graph Security API alert ingestion can be configured, which product and dependency combination must be in place?
An analyst wants to manually send observables from a security incident to TISC. Which path is correct?
When an analyst uses Send Observable to TISC, which data is captured during the push?
Which statement correctly describes WHOISIQ enrichment behavior?
Your team enabled automatic push for TISC. What change should analysts expect when associating observables to a security incident?
Which role performs Microsoft Graph alert profile setup and field mapping for security incidents?
An analyst manually sends an observable to TISC and discovers that the observable does not yet exist there. What happens first?
During a manual TISC push, an analyst selects an observable that already exists in TISC. What is the expected result?
Which integration performs automatic lookups on certificate serial number observables?
Where do Shodan enrichment results appear for supported observables?
A team wants to manually push observable data into TISC from SIR. What prerequisite must be true for the data to be pushed?
Which capability is provided by TISC Context for SIR-associated observables that are also present in TISC?
During Microsoft Graph Security API setup, which task belongs to alert profile configuration rather than dashboarding or risk management?
How often does Shodan check for new observables to enrich recognized types?
Which prerequisite combination is required for Microsoft Graph setup?
Which observable set is supported for automatic lookups by the RISKIQ SSL Certificates API?
For Microsoft Graph Security API integration, what must the administrator do as part of setup?
Which manual lookup can WHOISIQ perform from the Observables table?
A new IP observable is added to a security incident. What should an analyst expect from Shodan?