Intelligence

Creating new intel

Creating new intel

So you have some new intel you would like to share out with your communities? That’s great because that’s what Perch is all about!

Creating a new indicator is easy. Start by navigating to Sharing > Create New Indicator. On the create new indicator page you can start creating your intel.

General Overview

Search Communities

Enter all the communities you would like to share this intel with. The more the merrier!

If you are a member of more than one group, you will have to define a single group.

Indicator Details

Define the attributes of your indicator such as title, description (optional), TLP and confidence.

Observable(s)

Here is where you define the obvservable(s) attached to your intel. You can define an IP address, domain, URL, regular expression or file hash.

When you are ready, hit Add Observable to add it to your indicator. You can add as many as you like.

Observables Added

This list includes all of the created observables attached to your indicator. You can define the relationship between them (eg. “and” or “or”) as well as delete them. You can also back test your observables which is covered in our next section.

Back Test

The purpose of back testing is to limit duplicate intel within Perch. Back testing an observable checks it against your groups and communities to show you who has seen this before and how many times.

You can also hit View Details for a more in depth analysis of your observable.