Using Threat Intelligence Feeds
The threat intelligence topology takes a normalized JSON message, cross-references it against threat intelligence, tags it with alerts if appropriate, runs the results against the scoring component of machine learning models where appropriate, and stores the telemetry in a data store. This section provides the following steps for using threat intelligence feeds:
Threat intelligence topologies perform the following tasks:
Mark messages as threats based on data in external data stores
Mark threat alerts with a numeric triage level based on a set of Stellar rules
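The two tasks above as a small Python sketch (an added example, not code from the product this page documents). The field names, the in-memory dict standing in for the external data store, the Python predicates standing in for Stellar rules, and the highest-score-wins aggregation are all assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for the external threat intel store: (type, value) keys.
THREAT_INTEL = {
    ("malicious_ip", "203.0.113.7"): {"source": "sample_feed"},
    ("malicious_domain", "bad.example"): {"source": "sample_feed"},
}
# Message fields to check and the indicator type of each (assumed field names).
FIELD_TYPES = {"ip_src_addr": "malicious_ip", "ip_dst_addr": "malicious_ip",
               "domain": "malicious_domain"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def _internal_to_listed(m):
    src = ipaddress.ip_address(m.get("ip_src_addr", "0.0.0.0"))
    return "ip_dst_addr" in m["threat_intel_hits"] and src in INTERNAL_NET

# Triage rules as (name, predicate, score); predicates stand in for Stellar.
TRIAGE_RULES = [
    ("any threat intel hit", lambda m: True, 5),
    ("internal host contacting a listed address", _internal_to_listed, 10),
]

def mark_threats(msg):
    """Task 1: flag the message when a configured field is in the store."""
    out = dict(msg)
    hits = [field for field, kind in FIELD_TYPES.items()
            if field in msg and (kind, str(msg[field]).lower()) in THREAT_INTEL]
    if hits:
        out["is_alert"] = True
        out["threat_intel_hits"] = hits
    return out

def triage(msg):
    """Task 2: score flagged messages only; the highest matching rule wins."""
    if not msg.get("is_alert"):
        return msg
    matched = [(name, score) for name, rule, score in TRIAGE_RULES if rule(msg)]
    out = dict(msg)
    out["triage_level"] = max((score for _, score in matched), default=0)
    out["triage_rules"] = [name for name, _ in matched]
    return out

def process(msg):
    return triage(mark_threats(msg))

# Constructed sample message: internal client connecting to a listed address.
SAMPLE = {"ip_src_addr": "10.1.2.3", "ip_dst_addr": "203.0.113.7", "protocol": "TCP"}
if __name__ == "__main__":
    print(process(SAMPLE))
```

Messages with no intelligence hit pass through unchanged and receive no triage level, so triage rules only ever run on messages already marked as alerts.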