Enable the Threat Intelligence feed
On the SEM Console Settings page, you can enable the Threat Intelligence feed, which lets SEM detect threats based on lists of known malicious IP addresses.
Threat Intelligence is enabled by default. It identifies events as threats by matching event IP information against a list of known bad IP addresses.
Only administrators have permission to enable or disable the Threat Intelligence feed. Disabling and re-enabling the Threat Intelligence feed forces a threat intelligence update and creates an InternalAudit event. Restarting SEM also forces the Threat Intelligence feed to update.
- Log in to the SEM Console.
- On the toolbar, click the Settings icon.
- Click Threat Intelligence.
- Drag the toggle to the right to allow SEM to enable the Threat Intelligence feed.
- Enable the Threat Intelligence feed on the SEM appliance.
See Using the Threat Intelligence feed in SEM for instructions.
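
The matching this page describes (event IP information checked against a list of known bad IP addresses) can be sketched as follows. This is an added illustration of the general technique, not SEM's code or feed format; the feed layout, the field names `src_ip` and `dst_ip`, and all sample values are constructed assumptions.

```python
import ipaddress

# Constructed sample feed (documentation address ranges only, not real indicators).
SAMPLE_FEED = """\
# single addresses and CIDR ranges, one per line
203.0.113.7
198.51.100.0/24
2001:db8:bad::/48
not-an-ip
"""

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"id": 1, "src_ip": "10.0.0.5", "dst_ip": "198.51.100.23"},
    {"id": 2, "src_ip": "203.0.113.7", "dst_ip": "10.0.0.9"},
    {"id": 3, "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10"},
    {"id": 4, "src_ip": "2001:db8:bad:1::5", "dst_ip": None},
]

def load_feed(text):
    """Parse feed lines into networks; collect malformed entries instead of failing."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def match_event(event, networks):
    """Check both directions of an event; return (field, ip, feed_entry) hits."""
    hits = []
    for field in ("src_ip", "dst_ip"):
        value = event.get(field)
        if not value:
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue  # unparseable event field: nothing to match
        for net in networks:
            if addr.version == net.version and addr in net:
                hits.append((field, str(addr), str(net)))
    return hits

def flag_threats(events, networks):
    """Map event id -> hits, keeping only events that matched the feed."""
    flagged = {e["id"]: match_event(e, networks) for e in events}
    return {eid: hits for eid, hits in flagged.items() if hits}
```

Because the match depends entirely on the list contents, a stale list misses newer addresses, which is why the forced updates on re-enable and restart described above matter.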