How to add the SecAlliance ThreatMatch Intelligence Portal as a threat feed manager in EventLog Analyzer

Objective 

Integrating multiple threat feed managers with a SIEM solution is essential for detecting threats in the production environment. This article explains how to add the SecAlliance ThreatMatch Intelligence Portal as a threat feed manager in EventLog Analyzer.

Prerequisites 

  • You need access to the EventLog Analyzer console with an administrator role or with the Manage Threat Feeds custom role.
  • Ensure that outbound network communication from the EventLog Analyzer server is allowed to the threat feed manager's endpoint root URL and to any other API roots offered by the vendor.

Steps to follow 

Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings > Admin Settings > Threat Feeds > + Add New Server.
Step 3: Select SecAlliance - ThreatMatch Intelligence and enter the Username and Password.
Step 4: Click Test Connection to check the connectivity.
Step 5: For the threat feed configuration, check with the vendor. Learn more about ThreatMatch.
Step 6: In the Poll From field, specify the start date when the feeds should start being collected.
Step 7: From the Schedule drop-down lists, select the schedule frequency and the time for syncing data from the TAXII server.
Step 8: To save the server configuration, click Add Server.

Tips  

  • Get in touch with the threat feed vendor for the threat feed management configuration and to get the list of URLs to be allowlisted for an air-gapped environment.
  • Enable the Advanced Threat Analytics features to enhance the threat detection mechanism.