Enrich the Nodes
When adding a node, you can enrich your data to expand the canvas and gain deeper context around the selected indicators. Intel Exchange automates enrichment using both internal and third-party sources to enhance graph expansion and threat contextualization.
You can now perform enrichment on both single-node and multiple nodes (bulk), depending on your investigation needs.
Intel Exchange supports enrichment through the following:
CTIX enrichment
Third-party enrichment tools
Global Filter.
Enrich a Single Node
To enrich a single node, follow these steps:
In the Threat Investigation canvas, right-click the node you want to enrich.
Select Enrich from the drop-down.
Select one or more enrichment tools from the list. You can use the enrichment tools configured and enabled in Administration > Enrichment Management.
Click Enrich.
After a successful enrichment, double-click the node and go to the Enrichments tab to view the enrichment details. You can also view the enrichment details in the Enrichment Details tab of the Threat Data object details.
Enrich Multiple Nodes
Notice
The Bulk Enrichment feature is available in Intel Exchange v3.7.5.0 onwards.
To enrich multiple nodes, follow these steps:
In the Threat Investigation canvas, select the nodes you want to enrich.
Right-click the selected nodes and select Enrich from the drop-down.
Select one or more enrichment tools from the list. You can use the tools configured and enabled in Administration > Enrichment Management.
Click Enrich.
A left-side panel displays the selected nodes and enrichment tools, along with their respective status and results.
Use this panel to track the enrichment progress across all selected nodes.
Note
Bulk enrichment supports up to 10 indicator nodes per action. You can select all tools that are configured and available.