Threat Detection

Integrating Threat Intelligence with Graylog

In my last post, I gave a high-level overview of how to select a threat intelligence vendor and how to integrate indicators of compromise (IOCs) into your SIEM or log management environment. In this post, I will describe in detail how to use the Threat Intelligence plugin that ships with Graylog. I’ll start with the steps necessary to prepare your data, then explain how to activate the feature and how to configure it for use.

Five worthy reads: Unified endpoint management, a 360° look at organizational security

One of the most obvious effects of the digital age is the unprecedented advancement in technology. Thirty years back, driverless cars, missions to Mars, and AI-powered robots were pure science fiction. Today, all these things are close to being an everyday reality. And speaking of unparalleled innovations, who would’ve thought that the day would come when all the devices around us—from mobile devices to sensors and appliances—could exchange information amongst themselves?

The Value of Threat Intelligence Automation

The news is full of stories about the talent shortage in IT, especially in IT security. This shortage has created pressure on organizations to grow IT operations and to do that securely, all while having too few staff. Many are turning to threat intelligence to give their security analysts the tools they need to evaluate threats quickly and effectively. Essentially offering “Intelligence as a Service,” these tools enable organizations to benefit from the research of others.