
Cyware Threat Intelligence eXchange

Enrich Threat Data Objects

You can use third-party enrichment tools to enrich threat data objects and retrieve additional context, metadata, or analysis that provides a more comprehensive understanding of potential threats. Threat data enrichment involves techniques such as adding geolocation data, correlating with known indicators of compromise (IOCs), incorporating information about attacker tactics and techniques, and integrating data from multiple sources to provide a holistic view of the threat landscape. Enriching threat data also helps you better identify, prioritize, and respond to security threats. For more information about enrichment tools, see Enrichment Tools.

You can enrich the following threat data objects:

  • IP addresses

  • Hash values

  • URLs

  • Email addresses

  • Domains

  • Vulnerabilities

Before You Start

  • Ensure the enrichment tools are configured in Administration > Enrichment Management.

  • Ensure that you have the View and Update Threat Data permission.

Steps

To enrich a threat data object, follow these steps:

  1. Go to Main Menu > Collection > Threat Data and select a threat data object that you want to enrich.

  2. Go to the Enrichment tab. In Enrichment Details, you can view the list of configured enrichment tools that support enriching the selected threat data object.

  3. Select the enrichment tool and click Enrich.

In Enrichment Payload, you can view the enrichment details returned by the selected enrichment tool. In Key Stats, you can see the inferred verdict about the threat data object, which indicates whether the enriched object is malicious or non-malicious. To enrich the object again, click Re-Enrich.