Cloud SIEM cross-references incoming logs against lists of known Indicators of Compromise (IOCs) to detect threats automatically. The IOCs come from recommended threat intelligence feeds that crowdsource and scrape the internet for malicious and suspected IP addresses, domain names, and URLs.
When a log matches an IOC, the original log is enriched with the matching indicator's details.
To open the list of feeds, go to Threats > Threat Intelligence Feeds from the top menu.
The list shows each feed's name and description, its IOC type, the calendar date it was last synced, and a direct link to the source feed.
Logz.io syncs each feed once a day to pick up updates; the date of that last sync is the one shown in the list.
There is also an option to add a private feed of malicious IPs. See Adding a private feed.
Research an IOC
If you need to research a specific IP address, URL, or domain, you can check whether it appears in any of your feeds.
Click the source link to look the indicator up in the source feed and find additional details.
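The cross-referencing and enrichment described at the top of this page, together with the feed lookup used when researching a single IOC, as an added worked example. This is illustrative code written for this page, not Logz.io's implementation: the feed names, source URLs, indicators and log lines are all constructed, and the matching rules (parent-domain matching for domain feeds, IPv4 only) are assumptions of the example.

```python
"""Toy IOC cross-referencing and enrichment over sample log lines.

Illustrative example only: feed contents, feed names, source URLs and log
lines are constructed for this demo and are not Logz.io data or code.
"""
import ipaddress
import json
import re
from typing import Dict, Iterator, List, Tuple
from urllib.parse import urlsplit, urlunsplit

# Constructed feeds keyed by name. 'private-ip-feed' stands in for a
# customer-supplied list of malicious IPs; the others for public feeds.
FEEDS: Dict[str, dict] = {
    "example-ip-feed": {"ioc_type": "ip",
                        "source": "https://feeds.example.invalid/ips.txt",
                        "indicators": ["203.0.113.45"]},
    "example-domain-feed": {"ioc_type": "domain",
                            "source": "https://feeds.example.invalid/domains.txt",
                            "indicators": ["malicious.example", "Bad-CDN.example."]},
    "example-url-feed": {"ioc_type": "url",
                         "source": "https://feeds.example.invalid/urls.txt",
                         "indicators": ["HTTP://Malicious.example/payload.exe"]},
    "private-ip-feed": {"ioc_type": "ip", "source": "internal",
                        "indicators": ["198.51.100.7"]},
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so feed entries and values seen in logs compare equal."""
    value = value.strip()
    if ioc_type == "ip":
        return str(ipaddress.ip_address(value))  # raises ValueError on junk like 999.1.1.1
    if ioc_type == "domain":
        return value.rstrip(".").lower()
    if ioc_type == "url":
        p = urlsplit(value)  # lowercase scheme/host, drop the fragment
        return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, ""))
    raise ValueError(f"unknown IOC type {ioc_type!r}")


def build_index(feeds: Dict[str, dict]) -> Dict[Tuple[str, str], List[str]]:
    """Map (ioc_type, normalized indicator) -> names of the feeds listing it."""
    index: Dict[Tuple[str, str], List[str]] = {}
    for name, feed in feeds.items():
        for raw in feed["indicators"]:
            key = (feed["ioc_type"], normalize(feed["ioc_type"], raw))
            index.setdefault(key, []).append(name)
    return index


def extract_candidates(line: str) -> Iterator[Tuple[str, str]]:
    """Yield (ioc_type, observed value) pairs pulled from one raw log line."""
    for url in URL_RE.findall(line):
        yield ("url", url)
        host = urlsplit(url).hostname
        if host and not IPV4_RE.fullmatch(host):  # IP hosts are caught below
            yield ("domain", host)
    for ip in IPV4_RE.findall(line):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        yield ("ip", ip)
    for host in HOST_RE.findall(URL_RE.sub(" ", line)):  # bare hostnames outside URLs
        yield ("domain", host)


def lookup(index: Dict[Tuple[str, str], List[str]], ioc_type: str,
           value: str) -> List[Tuple[str, List[str]]]:
    """Return [(matched indicator, feed names)]; a host also matches a listed parent domain."""
    if ioc_type == "domain":
        labels = normalize("domain", value).split(".")
        hits = []
        for i in range(len(labels) - 1):  # never match the bare TLD
            cand = ".".join(labels[i:])
            if ("domain", cand) in index:
                hits.append((cand, index[("domain", cand)]))
        return hits
    try:
        key = (ioc_type, normalize(ioc_type, value))
    except ValueError:
        return []
    return [(key[1], index[key])] if key in index else []


def enrich(line: str, index: Dict[Tuple[str, str], List[str]],
           feeds: Dict[str, dict] = FEEDS) -> dict:
    """Attach the details of every matching IOC to the original log line."""
    matches, seen = [], set()
    for ioc_type, observed in extract_candidates(line):
        for indicator, names in lookup(index, ioc_type, observed):
            if (ioc_type, indicator) in seen:
                continue
            seen.add((ioc_type, indicator))
            matches.append({"ioc_type": ioc_type, "indicator": indicator, "observed": observed,
                            "feeds": [{"name": n, "source": feeds[n]["source"]} for n in names]})
    return {"message": line, "threat_match": bool(matches), "threat_intel": matches}


def research(indicator: str, index: Dict[Tuple[str, str], List[str]]) -> dict:
    """Check whether a single IP, URL or domain appears in any feed."""
    value = indicator.strip()
    if URL_RE.fullmatch(value):
        ioc_type = "url"
    else:
        try:
            ipaddress.ip_address(value)
            ioc_type = "ip"
        except ValueError:
            ioc_type = "domain"
    hits = lookup(index, ioc_type, value)
    return {"indicator": value, "ioc_type": ioc_type,
            "feeds": sorted({n for _, names in hits for n in names})}


LOG_LINES = [  # constructed sample input, RFC 5737 documentation addresses
    "2024-05-01T10:00:00Z fw src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow",
    "2024-05-01T10:00:01Z proxy user=alice url=http://malicious.example/payload.exe status=200",
    "2024-05-01T10:00:02Z dns query=cdn.bad-cdn.example type=A",
    "2024-05-01T10:00:03Z fw src=10.0.0.6 dst=198.51.100.7 dport=22 action=allow",
    "2024-05-01T10:00:04Z fw src=10.0.0.7 dst=192.0.2.9 dport=80 action=allow",
]

if __name__ == "__main__":
    idx = build_index(FEEDS)
    for log_line in LOG_LINES:
        print(json.dumps(enrich(log_line, idx)))
    print(json.dumps(research("cdn.bad-cdn.example", idx)))
```

Two design points worth noting: indicators are normalized before indexing so that a feed entry such as "Bad-CDN.example." still matches the lowercase host seen in a DNS log, and a hostname matches a feed entry for any parent domain it sits under (cdn.bad-cdn.example matches bad-cdn.example), which is usually what a domain feed intends but does widen the blast radius of a poorly curated entry.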