Enrichment
Performing enrichment adds contextual information and scores indicators by identifying key malicious properties. Intel Exchange integrates with various third-party enrichment tools to provide you with the capability of enriching IP addresses, URLs, hashes, domains, email addresses, and vulnerabilities. For more information, on third-party enrichment tools, see Enrichment Tools.
You can perform enrichment manually or automatically using enrichment policies. For more information, on enrichment policies, see Enrichment Policy.
To manually enrich the threat data object, select an enrichment tool and click Enrich in Enrichment Details.
You can view the following details after enrichment:
Enrichment Tool Status: View the enrichment status of third-party enrichment tools such as enriched, not tried, tried and failed, and quota completed. For more information on enrichment quota, see Enrichment policy.
Sources Reported Malicious: View the enrichment tools that reported the threat data object as malicious.
Tool Stats: View the statistics of the inferred verdict such as malicious, non-malicious, and non-applicable reported by the enrichment tools.
Enrichment Details: View the complete details of the enrichment performed. You can view and perform the following:
View the enrichment tools used to enrich. Select an enrichment tool to view the Key Stats which provides an overview of the enrichment details. You can filter the enrichment details based on the enrichment tool status. You can also sort the enrichment details in ascending or descending order.
View the Enrichment Payload provided by the enrichment tool. You can also select to view the same in JSON format as well. Click Re-enrich to enrich anew.
Turn on the Hide Empty Values toggle to hide empty values and view only the payload.