Enrichment Management
CTIX empowers administrators to enrich threat data by adding contextual information, and scoring indicators by identifying key malicious properties. Analysts can perform enrichment operations either manually or by utilizing the admin-configured enrichment policies with the help of third-party enrichment tool integrations. These tools help your organization streamline the existing security process and adapt to a comprehensive approach toward threat intel enrichment and investigation.
Refer to Enrichment Management FAQs for more details.
Enrichment Management consists of the following components:
Enrichment Tools: This component comprises a collection of third-party tools that analysts can leverage to perform diverse activities supporting threat intelligence enrichment. From this section, you can add authentication credentials, define respective quotas, and monitor the status of each tool, facilitating seamless integration and utilization.
Enrichment Policy: This component entails creating an automated policy that triggers the configured enrichment tools to enrich the IOCs and vulnerabilities as they enter the platform. These policies are designed to enrich objects from specified sources and collections using a predefined execution type.
 |