2 Replies Latest reply on Aug 9, 2016 8:00 AM by soc_guy

    Cyber Threat feed questions

    soc_guy

      Hello all.  I'm relatively new to ESM and have a question around Cyber Threat Indicators.  I found this excellent doc (The Cyber Threat Manager in the McAfee ESM ) on setting up Cyber Threat Feeds (along with several other good docs/articles on setting up HailATaxii).  I have a few questions.  If I'm only supposed to ask one per post, please feel free to correct me and I'll repost.

       

      1. If I have the threat feeds set up correctly (and they are updating) should I see updates listed on the Cyber Threat Indicators screen? 

      2. Is there a better place to make sure that threat feeds are updating properly?

      3. Is there a good place to make sure dynamic watchlists are updating properly?

       

      Thanks kindly in advance.