0 Replies Latest reply on Sep 3, 2013 12:10 PM by mike_st

    Multi Value Watchlists

    mike_st

      Having a bit of a problem and I cannot find in the Documentation any yes or no as to this idea.

       

      A multi value watch list.

       

      What I want, is to have a watch list that fires off of Thread intelligence feeds, such as the spamhaus, Secureworks and such. but I don't just want an alert that goes

      "TI match for domain"

       

      What  I want in the alert (alarm) is to have it fire showing "TI Match from Secureworks Blacklist" or "I Match from Spamhaus".

       

      Any ideas if this is even doable as in the gui it does not appear so for the 9.2.1 ESM