OpenCTI – Create a new Observable


Introduction

This article explains how to manually create a new observable / indicator in your OpenCTI instance.

 

Create a new Observable

Log into your OpenCTI instance and from the left menu select Observations – Observables:

 

 

The main page will show all existing observables, downloaded as part of the synchronization with all existing security feeds:

 

 

At the bottom right, click the add button:

 

 

Select the category for the observable to add (hostname, IPv4, etc.):

 

 

Provide the details for the new observable (example below):

 

 

NOTE: Select “Create an indicator from this observable”:

 

 

After adding, it'll be listed in the main Observables page.
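
The same steps can be scripted with OpenCTI's Python client (pycti). The following is an added example, not part of the original article or the OpenCTI project's code. It refangs and validates the value against the chosen category before submitting it with the indicator option enabled. The helper names, the OPENCTI_URL / OPENCTI_TOKEN environment variables and the sample IP are assumptions made for illustration.

```python
import ipaddress
import os
import re

# UI category -> pycti simple_observable_key (STIX type plus property).
KEYS = {"ipv4": "IPv4-Addr.value", "hostname": "Hostname.value",
        "domain": "Domain-Name.value"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def build_observable(category, value, description=""):
    """Refang and validate value for category; return kwargs for create()."""
    category = category.lower()
    if category not in KEYS:
        raise ValueError(f"unsupported category: {category}")
    # Feeds and tickets often carry defanged values such as 198.51.100[.]23.
    value = value.strip().replace("[.]", ".").lower()
    if category == "ipv4":
        value = str(ipaddress.IPv4Address(value))  # ValueError if malformed
    else:
        labels = value.rstrip(".").split(".")
        too_short = category == "domain" and len(labels) < 2
        # An all-numeric last label means an IP was filed under the wrong type.
        if (len(value) > 253 or too_short or labels[-1].isdigit()
                or not all(LABEL.match(label) for label in labels)):
            raise ValueError(f"not a valid {category}: {value!r}")
        value = ".".join(labels)
    return {"simple_observable_key": KEYS[category],
            "simple_observable_value": value,
            "simple_observable_description": description,
            "createIndicator": True}  # same as ticking the UI checkbox

def create_observable(url, token, category, value, description=""):
    """Submit the observable to OpenCTI; needs the pycti package."""
    from pycti import OpenCTIApiClient  # lazy import: validation works without it
    client = OpenCTIApiClient(url, token)
    return client.stix_cyber_observable.create(
        **build_observable(category, value, description))

if __name__ == "__main__":
    # OPENCTI_URL and OPENCTI_TOKEN are assumed variable names; the IP is a
    # constructed sample from the documentation range.
    url, token = os.environ.get("OPENCTI_URL"), os.environ.get("OPENCTI_TOKEN")
    if url and token:
        print(create_observable(url, token, "ipv4", "198.51.100[.]23")["id"])
    else:
        print(build_observable("ipv4", "198.51.100[.]23"))
```

Rejecting a mistyped or miscategorised value before submission matters here because the Graylog lookup in the Testing section matches on the exact stored value.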

 

 

Testing

Log into your Graylog instance configured to use your OpenCTI instance as its Threat Intel.

Go to System – Lookup Tables:

Select the Data Adapters tab:

 

Click on the Threatintel adapter:

 

 

In the key box, type the value of the new observable just added and execute Look up:

 
