Skip to main content

Threat Intelligence Feeds cross references incoming logs against lists of known IOCs (Indicator of Compromise) to automatically detect threats . Whenever an IOC is detected, the original log is enriched with the relevant details.

IOC types pulls lists of IOCs, aka Threat Intelligence feeds, from industry recommended sources that crowdsource and scrape the internet for malicious and suspicious indicators, including:

  • IPs
  • md5/sha1/sha256 hash signatures
  • Domains
  • URLs
  • User-Agent headers

In addition to the feeds that are automatically generated by, you can add your own Private Feeds for any of the above IOC types or another, custom type of your choice. Generally, custom IOCs are used to create lists of usernames or email addresses.

Review your Threat Intelligence feeds

To view the list of your threat intelligence feeds, navigate to SIEM > Threat Intelligence Feeds.

TI feeds

You can search the table for IP addresses, domains, or URLs across the different feeds. The table includes the following information:


This lists the names of different threat intelligence feeds.

IOC type

IOCs, Indicator of Compromise, are identified by IP, hash, domain, URL, user-agent header, or other custom indicators.


Indicates the reliability score of the feed, assigned by's team of security analysts.

Investigation URL

URLs provided here are links to the sources of the feeds, where one can find more detailed information or investigate the threats further.

Feed type

There are two different types of feeds:

  • threat feed is a predefined threat feed. It is included by default and cannot be edited. threat feeds have a feed tag.

  • Private threat feed is a feed added by you or your team members. You can add, edit, or delete a private feed. Private feeds have a Private feed tag.

  • Last sync syncs each feed once daily to look for updates. The table shows the date when the feed was last updated or synchronized.

Private feeds

To add your own private feed, see Preparing your feed for guidelines on compiling your lists of IOCs, and Adding a private feed for instructions on setting up the sync.