Threat_Intelligence

My endpoint devices show source_address as client_ip. How can I use threat_intelligence for matching source_address as client_ip? I have used rename for enriching those threat_intelligence logs, but failed to do so.

How can I use endpoint hashes as well for enriching threat_intelligence logs?

Rupsan Shrestha

You can configure mapping of different keys from the Logpoint UI:

Click on Enrichment Sources > threat intelligence

On the menu click on mapping:

There you can map client_ip as an ip_address to participate in threat intelligence.

Similarly, you can use endpoint hashes for enrichment as well. Add a similar mapping to hash with column hash.

For static enrichment you’d have to configure the enrichment policy accordingly as well. If not you can use the process ti
