Verify That the Threat Intel Events Are Enriched

By convention, new messages are written to an index named squid_index_[timestamp], and the document type is squid_doc.

After you finish enriching your new data source, you should verify that the output matches your enrichment information.

From the Alerts UI, search the source:type filter for squid messages.