ProTip for SIEM: Enterprise Security Manager fails to receive Cyber Threat indicators from Advanced Threat Defense

Version 1

    These errors can be caused by either of the following:
    STIX reporting is not enabled in ATD.
    The ATD user (specified in the Cyber Threat Feeds configuration in the ESM) does not have the Admin User rule.

    For more information on this issue and solutions, see KB87147 ( )

      For more resources, visit the ServicePortal and search for related content. Also, visit the SIEM Community (

    SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources.