Configure Threat Intelligence Enrichment Integration

Threat Intelligence Enrichment gathers reputation information from observables, such as IP addresses, domains, URLs, hashes, email addresses, and so on from one or more enrichment providers using enrichment components. Results are aggregated in Threat Intelligence records, and displayed in Case and Incident Management records as well. Every observable type has a 

, which is the canonical source of truth for reputation verdict, permalinks, and so on for that observable type.

Open the SOC - Enrich Observable component.

Edit the components under the Parallel node:

Remove any enrichment sources you are not using.

Add new enrichment sources from the Components menu.

Click "Edit" and map in "inputs.observable" as a playbook property for each new enrichment source.


After removing or adding new enrichment sources, edit the Aggregate Enrichments action to reflect the changes you have made. Each component's Enrichments property should be mapped to an append action in the Aggregate Enrichments action.
Hint: Any append action whose target is $DELETED must be removed.


Ensure that your enrichment assets are configured on the Assets page.

SOC - Bulk Ingest Phishing Emails - Template Playbook Overview

Configure-threat

test12

sdfdssdfsdfsdfsdfdsfsdf

edfsad

dsfsdfsdf

test

specific

var_miha

new_var_2

new_mih_var

mih_var

testheight

available

testulet

testvar

This is a plain text that will be inserted in an expandable heading for using this raw as an exampl

altscenario

This is a plain text that will be inserted in an expandable heading for using this raw as an example

scenario

exemplu

variabila

Archbee

text

refresh_token

YourBank

MyBank

variable_test_video

variable123

silviu

Bogdan_test

ferwhethgte

target1

google

support

product_name

productName1

companyLegalName

programName

customerName1

productName

Product_Name

Test

SEFAS

uptempo

customerName

testName

name1

customername

apilink1-getallmethod

variable_one

capitalize

company_name_adobe

jama_2

jama_1

domain

email

product

Glossary lets you define every tricky term, then gives them a sneak peek explanation on hover... Just like I'm doing with this text right here!

Glossary_feature

Google

aaaa

insitutionAdress

dasdas666

aa112

asdasdas

asdasd

What

New_reusable

test_var2

test_var

Configure Custom Case and Incident Management Data Mappings

Our knowledgeable support team and an awesome community will get you an answer in a flash.

Swimlane Solutions and Applications

Installing and Configuring

Business Continuity Management Workflows

Using Business Continuity Management

Dashboards in BCM

References

Business Continuity Management (BCM) Solution

How it Works?

Creating or Updating the SCF Records

SCF Data Import Application Overview

SCF Findings Application Overview

SCF Library Application Overview

SCF Evidence Application Overview

SCF Remediation Plans Application Overview

SCF Reporting Application Overview

Compliance Audit Readiness (CAR) Solution

Installing SOC Solutions Bundle

SOC - Alert Ingestion (Webhook) - Template Playbook Overview

SOC - Alert Ingestion (Cron) - Template Playbook Overview

SOC Solutions Bundle

Installing and Configuring Collaboration Extension

Configure Webhooks

Configure Collaboration Extension Template

Select a Template and Send a Message

Collaboration Extension

Installing and Configuring Crafted AI Prompts

Crafted AI Prompts

Installing Detection Engineering Extension

Configuring Detection Engineering Extension

Detection Engineering Extension - How it Works

Detection Engineering Extension

Vulnerability Response Management Workflows

Using Vulnerability Response Management

Using VRM for MSSPs

Vulnerability Response Management (VRM)

Solutions and Applications