Threat Intelligence

This transformation scans event fields for Indicators of Compromise (IoCs) from the Threat Intelligence database. If a match is found, the event is enriched with information about the associated malicious activity, providing context about the attacks in which the detected IoCs have been previously observed.

To search only specific event fields, specify the field names in the configuration of this transformation.
