Sentinel needs a way for the administrator to configure integrations to threat reputation sources. These sources typically supply IP addresses with threat scores to let you know how trustworthy they are.
Many enterprises have multiple threat reputation sources, so they want to be able to prioritize them in the event of a duplicate match/conflict.
Having this would not only allow for the event to have the threat score updated, but it would also allow for correlation rules to use this field for rules processing.
by: Ted E. | over a year ago | Integrations