Create relationships between indicators to enhance your investigations.
Indicator relationships are used to enrich investigations with information from indicators that are connected in various ways to other indicators. These relationships can help you pivot from what might be a false positive to a full-fledged campaign.
You can create relationships automatically through specific integration feeds.
To enable the automatic creation of relationships, ensure that the Create relationships checkbox is selected in the integration settings.
In addition, you can create relationships manually.
Navigate to the Indicators page.
Click on an indicator.
Under Relationships, click +Add.
A window with all of the indicators in your system appears.
Enter a query by which to search for the relevant indicators. You can optionally limit the time range by which you are searching.
Select the indicator(s) to which you want to create the relationship.
Set the relationship types. By default, the types that are presented are related-to.
For example, IP address
x.x.x.xis related-to IP addressy.y.y.y.Click
Save.