Which threat intelligence source should i use and what happens if i use multiple threat intelligence sources.
Best answer by Basudev Raut
View originalThreat Intelligence
Userlevel 2
+3
Userlevel 3
+7
Hi Rupsan,
You can use multiple Threat Feeds in LogPoint, either Open Source (like MISP or a TAXII feed) or Proprietary (such as RecordedFuture, ProofPoint, CSIS). When you use multiple threat feeds, fields like the source_ip or destination_ip from your sources may find a match with one or the other threat feeds and get enriched.
However, it is advised to use few feeds that you are very fond of since such feeds add some performanceoverhead while fetching data. You may look into the data from table threat_intelligence and decide which feed provide you the most value and decide accordingly.
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.