Uploading Observables FAQ

Updated 3 months ago by Elvis Hovor

Q. How do I add MITRE ATT&CK tags when bulk uploading observables?

A. To apply MITRE ATT&CK tags, add them under a Tag column in your CSV and use the following format: mitre/

An example would be mitre/initial-access

Q. Will tags in a bulk upload correlate to the tags in my reports?

A. Currently, these tags are treated as separate entities and therefore will not correlate with each other.

Q. Why am I not seeing correlations from sources that I subscribe to?

A. The bulk uploading process for observables does not query any intelligence sources. You will only see correlations between the observables that you have uploaded and any intelligence that is available in the platform at the time of the bulk upload.

Q. Is there an API endpoint for observable management?

A. Yes. You can read more here: TruSTAR API Indicators

Q. Can I pull observables into my SIEM using your integration?

A. Many of our integrations do support this functionality. Please check the documentation for your integration for more information.
