
Threat_Intelligence

  • 9 June 2021

My endpoint devices show source_address as client_ip. How can I use threat_intelligence for matching source_address as client_ip? I have used rename for enriching those threat_intelligence logs, but failed to do so.

 

How can I use endpoint hashes as well for enriching threat_intelligence logs?

Rupsan Shrestha
LogPoint Team

You can configure mapping of different keys from the Logpoint UI:

Click on Enrichment Sources > threat intelligence 

On the menu click on mapping:

There you can map client_ip as an ip_address to participate in threat intelligence.

Similarly, you can use endpoint hashes for enrichment as well. Add a similar mapping to hash with column hash.

For static enrichment you’d have to configure the enrichment policy accordingly as well. If not you can use the process ti 

