You may go on the XFE portal and check if the IP address has a risk score greater than 4 (out of 10). Per investigation, having a hit at that level would reduce alert fatigue.
------------------------------
Leo Kuo
------------------------------
Original Message:
Sent: Thu April 06, 2023 02:10 AM
From: Swapnil Rupnawar
Subject: Comparison of Multiple threat intel response for enrichment
Hello Team,
We want to compare multiple threat intel responses on IBM Resilient SOAR.
So we installed the AbuseIPDB function for SOAR and found that we should receive a hit for the IP address from both "IBM X-Force" and "AbuseIPDB".
But we received a hit only from AbuseIPDB and not from IBM X-Force.
Kindly let us know how we can utilize this use case.
Regards,
Swapnil
------------------------------
Swapnil Rupnawar
------------------------------