How to add Sectrio Threat Intelligence as threat feed manager in EventLog Analyzer?

Objective  

It is essential to have multiple threat feed managers integrated with a SIEM solution to detect threats in the production environment. This article explains how to add Sectrio Threat Intelligence as a threat feed manager in EventLog Analyzer.

Prerequisites  

  • Ensure you can access the EventLog Analyzer console with an administrator role, or with the Manage Threat Feeds permission in a custom role.
  • Ensure that outbound network communication from the EventLog Analyzer server is allowlisted so that the threat feed manager's endpoint root URL and any other API roots offered by the vendor are reachable.

Steps to follow  

Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings >> Admin settings >> Threat Feeds >> + Add New Server.
Step 3: Choose Sectrio Threat Intelligence and enter the Username and Password.
Step 4: Click Test Connection to check connectivity.
Step 5: For the threat feed configuration values, check with the vendor.
Step 6: In the Poll From section, specify the start date from which the feeds should be collected.
Step 7: In the Schedule drop-down list, select the schedule frequency and the time for syncing data from the TAXII server.
To save the server configuration, click Add Server.
For more details, check out Threat Management in EventLog Analyzer.

Tips  

  • Get in touch with the threat feed vendor for the threat feed manager configuration and to obtain the list of URLs to be allowlisted in an air-gapped environment.
  • EventLog Analyzer's Advanced Threat Analytics is an additional feature you can enable to scale up the threat detection mechanism.
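Before clicking Test Connection, it helps to confirm from the EventLog Analyzer server itself that the firewall or proxy allowlist really permits DNS resolution, a TCP connection and a TLS handshake to every vendor URL (the prerequisite above and the allowlist tip). The script below is an added example for that pre-flight check; it is not part of this article or of EventLog Analyzer, and the URLs in FEED_URLS are constructed placeholders standing in for the endpoint root URL and API roots the vendor supplies. It reports the first stage that fails for each URL, which tells you whether to look at the resolver, the egress firewall, or TLS interception by a proxy.

```python
"""Pre-flight egress check for threat feed endpoints.

Added example, not part of the ManageEngine article or the EventLog
Analyzer product. Run it on the EventLog Analyzer server before using
"Test Connection" to confirm the allowlist permits DNS, TCP and TLS to
every vendor URL.
"""
import socket
import ssl
from urllib.parse import urlparse

# Constructed placeholders: the real endpoint root URL and API roots come
# from the threat feed vendor. These are NOT the vendor's actual URLs.
FEED_URLS = [
    "https://feeds.example.invalid/taxii2/",
    "https://api.example.invalid/v1/indicators",
]


def parse_endpoint(url):
    """Return (host, port) for an https URL.

    Anything other than https is rejected: a threat feed manager carrying
    credentials should never be reached over cleartext HTTP.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError(f"refusing non-https endpoint: {url}")
    if not parsed.hostname:
        raise ValueError(f"no host in endpoint URL: {url}")
    return parsed.hostname, parsed.port or 443


def check_endpoint(url, timeout=5.0):
    """Probe one endpoint stage by stage.

    Returns (stage, detail): stage is "bad_url", "dns", "tcp" or "tls"
    for the first failing stage, or "ok" with the negotiated TLS version.
    """
    try:
        host, port = parse_endpoint(url)
    except ValueError as exc:
        return ("bad_url", str(exc))
    try:
        socket.getaddrinfo(host, port)
    except socket.gaierror as exc:
        return ("dns", str(exc))  # resolver unreachable or name blocked
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))  # egress firewall / allowlist blocks the port
    try:
        # Default context verifies the vendor certificate against the system
        # trust store, so a TLS-intercepting proxy shows up here as "tls".
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))
    finally:
        raw.close()


def run_checks(urls, timeout=5.0):
    """Check every URL and return {url: (stage, detail)}."""
    return {url: check_endpoint(url, timeout) for url in urls}


def all_reachable(results):
    """True only when every endpoint passed all stages."""
    return all(stage == "ok" for stage, _ in results.values())


if __name__ == "__main__":
    results = run_checks(FEED_URLS)
    for url, (stage, detail) in results.items():
        print(f"{stage:8s} {url}  {detail}")
    print("allowlist OK" if all_reachable(results) else "allowlist INCOMPLETE")
```

A "dns" failure means the server cannot resolve the vendor host (check the resolver or a DNS egress rule), "tcp" means the firewall or proxy does not permit the connection, and "tls" usually means a TLS-inspecting proxy or an untrusted certificate, which should be resolved rather than bypassed before the feed is added.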
