Open aarju opened 1 year ago
@MikePaquette @peasead we are currently building out our own version of this feature, but it would be great if this was built into the security solution.
Pinging @elastic/security-solution (Team: SecuritySolution)
@dhru42 is focused on some of these intersecting efforts. Tagging for visibility.
Describe the feature: Within the Security solution's Intelligence tab there should be a way to manually upload indicators to be added to the Threat Intel index pattern.
threat.group.* field information to be added to all of the uploaded IOCs.
From within the Security solution there should also be a quick way to select a field in an alert or case and add that field as an indicator to the threat intel index.
Describe a specific use case for the feature: