Threat Intel (Basic)
The Basic Threat Intel App helps you review log data for Internet connectivity with known bad systems or for processing of known bad executables. You can use the provided resource sets to find and alert on unexpected or possibly malicious activity.
What types of data does the Threat Intel (Basic) app ingest?
The Threat Intel (Basic) app collects data from three types of sources:
- Context Lists - Some lists provide context or can be used for filtering.
- Threat Lists - Several open source threat intelligence lists are collected into Observe as resource sets for comparison with your data.
- IaaS Network Lists - The network address lists of several popular infrastructure-as-a-service (IaaS) providers are collected into Observe as resource sets for comparison with your data.
To ingest these resources, install the app and configure the pollers.