Configuring Threat Intelligence
The threat intelligence topology takes a normalized JSON message and cross-references it against threat intelligence, tags it with alerts where appropriate, runs the results through the scoring component of machine learning models where applicable, and stores the telemetry in a data store.
- Choose your threat intelligence sources
  - As a best practice, install a threat intelligence feed aggregator, such as SoltraEdge
- Mark messages as threats based on data in external data stores
- Mark threat alerts with a numeric triage level based on a set of Stellar rules
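To make the flow above concrete, here is an added example (not the project's own code) that walks a constructed normalized message through the three steps: cross-referencing fields against a threat intel store, tagging a hit with an alert flag, and assigning a numeric triage level from a rule set with a chosen aggregator. The store contents, the field names and the plain Python predicates standing in for Stellar rules are all assumptions.

```python
# Constructed threat-intel store: indicator type -> known-bad values.
# A real deployment reads these from an external store fed by an aggregator.
THREAT_INTEL = {
    "ip": {"198.51.100.23"},
    "domain": {"bad.example"},
}

# Message fields checked against each indicator type (field names assumed).
FIELD_TO_TYPE = {"ip_src_addr": "ip", "ip_dst_addr": "ip", "domain": "domain"}

# Triage rules: (name, predicate, score) tuples standing in for Stellar rules.
TRIAGE_RULES = [
    ("known bad destination", lambda m: "ip_dst_addr" in m["threatintel"], 10),
    ("known bad domain", lambda m: "domain" in m["threatintel"], 20),
    ("suspicious port", lambda m: m.get("ip_dst_port") == 4444, 5),
]


def cross_reference(message):
    """Return a copy of the message tagged with threat-intel hits and is_alert."""
    enriched = dict(message)
    hits = {f: t for f, t in FIELD_TO_TYPE.items()
            if message.get(f) in THREAT_INTEL.get(t, set())}
    if hits:
        enriched["threatintel"] = hits
        enriched["is_alert"] = "true"
    return enriched


def triage(message, aggregator=max):
    """Score an alert against TRIAGE_RULES; non-alerts pass through untouched."""
    if message.get("is_alert") != "true":
        return message
    scored = dict(message)
    fired = {name: score for name, pred, score in TRIAGE_RULES if pred(message)}
    scored["threat.triage.rules"] = fired
    scored["threat.triage.level"] = aggregator(fired.values()) if fired else 0
    return scored


# Constructed normalized messages, as a parser topology would emit them.
ALERT_MSG = {"ip_src_addr": "10.0.0.5", "ip_dst_addr": "198.51.100.23",
             "ip_dst_port": 4444, "domain": "bad.example"}
CLEAN_MSG = {"ip_src_addr": "10.0.0.5", "ip_dst_addr": "10.0.0.9", "ip_dst_port": 443}

if __name__ == "__main__":
    for msg in (ALERT_MSG, CLEAN_MSG):
        print(triage(cross_reference(msg)))
```

Passing `aggregator=sum` instead of the default `max` shows how the same fired rules yield a different level, which is the choice the triage configuration makes.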