Documentation forSecurity Event Manager

Enable the Threat Intelligence feed

On the SEM Events Console Settings page, you can enable the Threat Intelligence feed, which enables SEM to detect threats based on lists of known malicious IP addresses. Learn more here.

Threat Intelligence is enabled by default. It identifies events as threats by matching event IP information against a list of known bad IP addresses.

  1. In the SEM Events Console, click the Settings button.

  1. On the Settings page, click the Threat Intelligence tab.
  2. Toggle the button to allow SEM to enable the Threat Intelligence feed.

Only administrators have permissions to enable or disable the Threat Intelligence feed. Disabling and re-enabling the Threat Intelligence feed forces a threat intelligence update and creates an InternalAudit event. Restarting SEM also forces the Threat Intelligence feed to update.