Review threat intelligence attributes for a finding in Splunk Enterprise Security

Note: You can see threat intelligence data only if your admin has set up Threat Intelligence Management (Cloud) for your organization. For information on configuring Threat Intelligence Management (Cloud), see Overview of threat intelligence in Splunk Enterprise Security.

If you have access to Threat Intelligence Management (Cloud), you can review threat intelligence attributes associated with a finding in the side panel of the analyst queue. Use threat intelligence attributes to help you determine whether you need to start an investigation based on this finding.

You can find threat intelligence attributes for a finding as you're triaging in the analyst queue. On the Mission Control page of Splunk Enterprise Security, select a finding, and then find the Threat intelligence section in the side panel.

Threat intelligence attributes include threat actors, MITRE tactics, CVEs, and malware associated with one or more observables present in the finding. These attributes are reported by intelligence sources contributing to active threat lists in the Threat Intelligence Management (Cloud) system.

To see a list of finding or investigation fields that can contain observables, see Fields containing observables in Splunk Enterprise Security.

Note: If a finding has multiple observables, and those observables share an attribute value, then that attribute value is listed only once.
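The merging behavior described above (attributes collected across every observable in a finding, each value listed once) can be modeled in a few lines. This is an added illustration, not Splunk code: the intel lookup, observable values, and field names are constructed, and it goes one step beyond the page by also recording which observables reported each value.

```python
from collections import defaultdict

# Constructed stand-in for what active threat lists report per observable.
# All values are hypothetical; CVE-0000-0000 is a placeholder, not a real CVE.
INTEL_LOOKUP = {
    "198.51.100.7": {"threat_actors": ["Actor-Alpha"], "mitre_tactics": ["TA0011"],
                     "malware": ["LoaderX"]},
    "bad-host.test": {"threat_actors": ["Actor-Alpha"],
                      "mitre_tactics": ["TA0011", "TA0001"], "cves": ["CVE-0000-0000"]},
    "10.0.0.5": {},  # known to the lists but carries no attributes
}

# Attribute types the Threat intelligence panel displays.
ATTRIBUTE_TYPES = ("threat_actors", "mitre_tactics", "cves", "malware")

# Assumed names of finding fields that can hold observables (not the real list).
OBSERVABLE_FIELDS = ("src", "dest", "url_domain")


def extract_observables(finding):
    """Collect non-empty observable values from the assumed finding fields."""
    return [finding[f] for f in OBSERVABLE_FIELDS if finding.get(f)]


def threat_intel_section(observables, lookup=INTEL_LOOKUP):
    """Merge attributes across observables.

    Returns {attribute_type: {value: {observables that reported it}}}.
    A value shared by several observables appears once, with all reporters.
    """
    section = {t: defaultdict(set) for t in ATTRIBUTE_TYPES}
    for obs in observables:
        for attr_type, values in lookup.get(obs, {}).items():
            for value in values:
                section[attr_type][value].add(obs)
    return section


def attribute_values(section, attribute_type):
    """Sorted, deduplicated values for one attribute type, as the panel lists them."""
    return sorted(section[attribute_type])


if __name__ == "__main__":
    finding = {"src": "198.51.100.7", "dest": "10.0.0.5", "url_domain": "bad-host.test"}
    sec = threat_intel_section(extract_observables(finding))
    for t in ATTRIBUTE_TYPES:
        print(t, attribute_values(sec, t))
```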