Enrichment Policy
CTIX allows administrators to configure enrichment policies to automatically enrich threat data objects, such as IPs, hashes, domains, vulnerabilities, and URLs.
What are Enrichment Policies?
Enrichment policies are administrator-defined functions that automate the enrichment of threat data objects using the configured enrichment tools. Enrichment tools provide additional details about threat data objects, including IPs, hashes, domains, vulnerabilities, and URLs. Automatic enrichment gathers relevant information about the objects and contributes to the calculation of the Confidence Score.
Why define Enrichment Policies?
Defining enrichment policies ensures that the platform efficiently captures and analyzes the required information, enabling accurate calculation of the Confidence Score. This score helps determine the severity and impact of an object, which supports effective threat assessment and prioritization. Automatic enrichment of objects makes CTIX more efficient by streamlining data gathering and enabling accurate evaluation of object severity. For more information about the Confidence Score, see CTIX Confidence Score Engine.
Note
For CTIX version 3.2.1 and higher, refer to the following updates:
Configuring enrichment policies for all sources and collections is no longer supported.
Any existing policies configured for all sources and collections are disabled, and administrators have to configure them again with the required sources and collections.