Threat_Intelligence

  • 9 June 2021
  • 1 reply
  • 88 views


My endpoint devices show source_address as client_ip. How can I use threat_intelligence to match source_address as client_ip? I have used rename for enriching those threat_intelligence logs, but failed to do so.


How can I use endpoint hashes as well for enriching threat_intelligence logs?


1 reply


You can configure mapping of different keys from the Logpoint UI:

Click on Enrichment Sources > threat intelligence.

On the menu, click on mapping.

There you can map client_ip as ip_address so that it participates in threat intelligence.

Similarly, you can use endpoint hashes for enrichment as well: add a similar mapping for hash with the column hash.

For static enrichment you'd have to configure the enrichment policy accordingly as well. If not, you can use the process ti

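The mapping step the answer describes, done by hand so the matching logic is visible. This is an added example, not Logpoint's code and not from either poster: a log field (client_ip, source_address, file_hash) is mapped onto a column of a threat-intelligence feed (ip_address, hash), values are normalized, and every hit is written back onto the event. The feed entries, the field names file_hash and host, and the sample events are all constructed for illustration.

```python
"""Added example (not Logpoint's own code): threat-intelligence enrichment by
field mapping. Every name, address and hash below is constructed."""

from ipaddress import ip_address

# Constructed threat-intelligence feed, keyed by column, then by value.
# Hashes are stored lowercase so that case differences in logs still match.
TI_FEED = {
    "ip_address": {
        "203.0.113.7": {"category": "c2", "confidence": 90},
        "198.51.100.23": {"category": "scanner", "confidence": 40},
    },
    "hash": {
        "44d88612fea8a8f36de82e1278abb02f": {"category": "malware", "confidence": 95},
    },
}

# Log field -> feed column. This is the hand-written equivalent of the UI
# mapping "client_ip -> ip_address" and "hash -> hash" from the answer;
# file_hash is a hypothetical endpoint field name.
DEFAULT_MAPPING = {
    "source_address": "ip_address",
    "client_ip": "ip_address",
    "file_hash": "hash",
}


def normalize(column, value):
    """Bring a log value into the feed's canonical form, or None if unusable."""
    if not isinstance(value, str):
        return None
    if column == "ip_address":
        try:
            # Rejects garbage such as "not-an-ip" and canonicalizes the address.
            return str(ip_address(value.strip()))
        except ValueError:
            return None
    if column == "hash":
        return value.strip().lower()
    return value.strip()


def enrich(event, mapping=DEFAULT_MAPPING, feed=TI_FEED):
    """Return a copy of event with ti_* fields for every mapped field that hits."""
    out = dict(event)
    hits = []
    for log_field, column in mapping.items():
        value = normalize(column, event.get(log_field))
        if value is None:
            continue
        entry = feed.get(column, {}).get(value)
        if entry is None:
            continue
        hits.append({"field": log_field, "column": column, "value": value, **entry})
    out["ti_match"] = bool(hits)
    if hits:
        out["ti_hits"] = hits
        out["ti_max_confidence"] = max(h["confidence"] for h in hits)
    return out


# Constructed sample events: an endpoint event that names the address as
# client_ip (the poster's situation) and a network event that uses source_address.
SAMPLE_EVENTS = [
    {"host": "laptop-01", "client_ip": "203.0.113.7",
     "file_hash": "44D88612FEA8A8F36DE82E1278ABB02F"},
    {"host": "fw-edge", "source_address": "198.51.100.23"},
    {"host": "laptop-02", "client_ip": "not-an-ip"},
    {"host": "fw-edge", "source_address": "10.0.0.5"},
]


def enrich_all(events, mapping=DEFAULT_MAPPING):
    return [enrich(e, mapping) for e in events]


if __name__ == "__main__":
    for e in enrich_all(SAMPLE_EVENTS):
        print(e["host"], e["ti_match"], e.get("ti_hits", []))
    # Without the client_ip mapping the endpoint event is never looked up,
    # which is why a mapping (or a rename) is required in the first place.
    only_source = {"source_address": "ip_address"}
    print(enrich(SAMPLE_EVENTS[0], only_source)["ti_match"])
```

The last call shows the failure mode from the question: with a mapping that covers only source_address, the endpoint event carrying client_ip is never looked up against the feed, so no enrichment happens regardless of how good the feed is.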