Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

About the Threat Intelligence Page

To access this page, select Administration > Insights Management > Threat Intelligence.

Look up your trusted threat intelligence providers for indicators of compromise to confirm the maliciousness of the reported event. Indicators of compromise include IP addresses, URLs, and file hash observed in the log data. What is considered malicious is based on available knowledge about the threat intelligence provider’s output.

Security Director Insights supports the following threat intelligence sources:

Source

Data

IBM X-Force

IP lookup and file hash

VirusTotal

File hash and URL lookup

Opswat

File hash, URL lookup, and IP lookup

Tasks You Can Perform

You can perform the following tasks from the Threat Intelligence page:

Field Descriptions

Table 1 provides guidelines on using the fields on the Threat Intelligence page.

Table 1: Fields on the Threat Intelligence Page

Field

Description

Source

Specifies the threat intelligence source.

Description

Specifies the corresponding API details configured for the threat intelligence source.