# Indicator Management

The STIX architecture is built from high-level STIX domain objects (SDO). The attributes of SDOs and the terminology and format for attribute values are defined in the STIX patterning language. Some of the SDOs are as follows: 

**Observed Data** — Examples of observables include an IP address, a change in an executable file property or signature, an HTTP request, or a firewall blocking a connection attempt. 

**Indicator** — A pattern of observables that are "of interest," or worthy of cybersecurity analysis. 2 osintme.com 

**Attack Pattern** — Known adversary behaviors, starting with the overall goal and asset target (tactic), and elaborated over specific techniques and procedures. This information is used to identify potential indicators and intrusion sets. 

**Campaign and Threat Actors** — The adversaries launching cyberattacks are referred to in this framework as Threat Actors. 

**Course of Action (CoA)** — Mitigating actions or use of security controls to reduce risk from attacks or to resolve an incident


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://abrahamreyes9.gitbook.io/cysa+/1.0-threat-and-vulnerability-management/1.1-explain-the-importance-of-threat-data-and-intelligence/indicator-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.